Do your applications use this vulnerable package?
Test your applications
Overview
Affected versions of this package are vulnerable to Information Exposure curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
Remediation
Upgrade curl to version or higher.
References
CVSS Score
7.5
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityNone
-
AvailabilityNone
- CVE
- CVE-2020-8169
- CWE
- CWE-200
- Snyk ID
- SNYK-ALPINE310-CURL-674634
- Disclosed
- 14 Dec, 2020
- Published
- 16 Sep, 2020