RHSA-2020:5002

Affecting curl package, versions <0:7.29.0-59.el7_9.1

medium severity

Overview

Affected versions of this package are vulnerable to RHSA-2020:5002.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade curl to version or higher.

References

CVE: RHSA-2020:5002
Snyk ID: SNYK-CENTOS7-CURL-1038837
Published: 11 Nov, 2020