libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
https://seclists.org/oss-sec/2022/q2/93 https://curl.se/docs/CVE-2022-27779.html https://github.com/curl/curl/commit/7e92d12b4e6911f https://github.com/curl/curl/commit/b27ad8e1d3e68e
Affected versions: curl 7.82.0 to and including curl 7.83.0 Not affected versions: curl < 7.82.0 and curl >= 7.83.1