Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-82rv-h33p-2xgc

Опубликовано: 03 июн. 2022
Источник: github
Github: Не прошло ревью
CVSS3: 7.5

Описание

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get transposed into http://example.com/127.0.0.1/. This flawcan be used to circumvent filters, checks and more.

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get transposed into http://example.com/127.0.0.1/. This flawcan be used to circumvent filters, checks and more.

Ссылки

EPSS

Процентиль: 26%
0.00087
Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-27780

Дефекты

CWE-177
CWE-918

Связанные уязвимости

ubuntu логотип

CVE-2022-27780

CVSS3: 7.5
ubuntu
около 3 лет назад

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

redhat логотип

CVE-2022-27780

CVSS3: 7.5
redhat
около 3 лет назад

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

nvd логотип

CVE-2022-27780

CVSS3: 7.5
nvd
около 3 лет назад

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

msrc логотип

CVE-2022-27780

CVSS3: 7.5
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-27780

CVSS3: 7.5
debian
около 3 лет назад

The curl URL parser wrongly accepts percent-encoded URL separators lik ...

EPSS

Процентиль: 26%
0.00087
Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-27780

Дефекты

CWE-177
CWE-918