Do your applications use this vulnerable package?
Test your applications
Overview
Affected versions of this package are vulnerable to Information Exposure curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
Remediation
There is no fixed version for curl.
References
CVSS Score
7.5
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityNone
-
AvailabilityNone
- CVE
- CVE-2020-8169
- CWE
- CWE-200
- Snyk ID
- SNYK-DEBIAN10-CURL-573153
- Disclosed
- 14 Dec, 2020
- Published
- 24 Jun, 2020