Debian Bug report logs - #986269
curl: CVE-2021-22876
Package: src:curl;
Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 2 Apr 2021 07:24:02 UTC
Severity: serious
Tags: security, upstream
Found in versions curl/7740-11, curl/764 ...
Multiple vulnerabilities were discovered in cURL, a URL transfer library:
CVE-2020-8169
Marek Szlagor reported that libcurl could be tricked into prepending
a part of the password to the host name before it resolves it,
potentially leaking the partial password over the network and to the
DNS server(s).
CVE-2020-8177
sn reporte ...
It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected (CVE-2021-22876).
A vulnerability was found in curl where a flaw in the option ...
Synopsis
Moderate: rh-dotnet31-curl security update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rat ...
Synopsis
Moderate: Gatekeeper Operator v02 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Gatekeeper Operator v02. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 12 (GitOps v122). Re ...
Synopsis
Moderate: Release of OpenShift Serverless 1200
Type/Severity
Security Advisory: Moderate
Topic
Release of OpenShift Serverless 1200. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo ...
Synopsis
Moderate: Red Hat OpenShift distributed tracing 210 security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift distributed tracing 21. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Important: Release of containers for OSP 162 director operator tech preview
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenStack Platform 162 (Train) director Operator containers are available for technology preview.
Description
Release osp-director-operator images. Security Fix(es): golang: net/http: limit growth of h ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 2211 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 2211 General Availability release images, which provide one or more container updates and bug fixes. Red Hat Product Security has rated this update as ...
Synopsis
Moderate: Migration Toolkit for Containers (MTC) 154 security update
Type/Severity
Security Advisory: Moderate
Topic
The Migration Toolkit for Containers (MTC) 154 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which g ...
libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
libcurl automatically sets the Referer: HTTP request header field in outgoing HTTP requests ...