CVE-2021-22923

Related Vulnerabilities: CVE-2021-22923  

Description

A flaw was found in curl in the way curl handles credentials when downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to gain access to credentials provided while downloading content without the user's knowledge. The highest threat from this vulnerability is to confidentiality.

Mitigation

This flaw can be mitigated by upgrading the affected curl utility to version 7.78.0 or by disabling the Metalink feature in your current build.
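
A check for the two mitigations above, as an added example that is not part of the advisory: it reads the text of `curl --version` and reports whether the build is at 7.78.0 or later, or is older but built without Metalink. The function name, result labels and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify `curl --version` output
# against the mitigation for CVE-2021-22923.
#   fixed-version : curl is 7.78.0 or later
#   no-metalink   : older curl, but "Metalink" is not in the Features line
#   review        : older curl with Metalink compiled in
#   unknown       : version string could not be parsed

classify_curl() {
    out=$1
    # First line looks like: "curl 7.76.1 (platform) libcurl/7.76.1 ..."
    ver=$(printf '%s\n' "$out" |
        sed -n '1s/^curl \([0-9][0-9]*\.[0-9][0-9]*\)\.[0-9][0-9]*.*/\1/p')
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 78 ]; }; then
        echo fixed-version; return 0
    fi
    if printf '%s\n' "$out" | grep -i '^Features:' | grep -qiw 'metalink'; then
        # A distribution package may carry a backported fix under an old
        # version number, so confirm against the vendor's errata.
        echo review
    else
        echo no-metalink
    fi
}

# Constructed sample outputs (not captured from real systems).
SAMPLE_OLD_METALINK='curl 7.76.1 (x86_64-pc-linux-gnu) libcurl/7.76.1
Protocols: file ftp ftps http https
Features: HTTP2 IPv6 Largefile libz Metalink NTLM SSL UnixSockets'

SAMPLE_OLD_PLAIN='curl 7.74.0 (x86_64-pc-linux-gnu) libcurl/7.74.0
Protocols: file ftp ftps http https
Features: HTTP2 IPv6 Largefile libz NTLM SSL UnixSockets'

SAMPLE_FIXED='curl 7.78.0 (x86_64-pc-linux-gnu) libcurl/7.78.0
Protocols: file ftp ftps http https
Features: HTTP2 IPv6 Largefile libz NTLM SSL UnixSockets'

# Check the local binary by running this script with --local.
if [ "${1:-}" = "--local" ]; then
    classify_curl "$(curl --version 2>/dev/null)"
fi
```

A `review` result means the version and feature list alone do not show the mitigation; the installed package's changelog or vendor errata settles whether the fix is present.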

Additional Information

  • Bugzilla 1981438: CVE-2021-22923 curl: Metalink download sends credentials
  • CWE-522: Insufficiently Protected Credentials
  • FAQ: Frequently asked questions about CVE-2021-22923