ALAS2-2020-1451

Affecting curl package, versions <7.61.1-12.amzn2.0.2

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to ALAS2-2020-1451. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2020-8177: No description is available for this CVE. 1847915: CVE-2020-8177 curl: command line arguments lead to local file overwrite

Remediation

Upgrade curl to version or higher.

References

CVE
ALAS2-2020-1451
Snyk ID
SNYK-AMZN2-CURL-585084
Published
16 Jul, 2020