FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b1194286-958e-11eb-9c34-080027f515ea	curl -- Automatic referer leaks credentials Daniel Stenberg reports: libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. libcurl automatically sets the Referer: HTTP request header field in outgoing HTTP requests if the CURLOPT_AUTOREFERER option is set. With the curl tool, it is enabled with --referer ";auto". Discovery 2021-03-31 Entry 2021-04-10 curl ge 7.1.1 lt 7.76.0 CVE-2021-22876 https://curl.se/docs/CVE-2021-22876.html

VuXML ID

Description

b1194286-958e-11eb-9c34-080027f515ea

curl -- Automatic referer leaks credentials

Daniel Stenberg reports:

libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

libcurl automatically sets the Referer: HTTP request header field in outgoing HTTP requests if the CURLOPT_AUTOREFERER option is set. With the curl tool, it is enabled with --referer ";auto".

Discovery 2021-03-31
Entry 2021-04-10
curl

ge 7.1.1 lt 7.76.0

CVE-2021-22876
https://curl.se/docs/CVE-2021-22876.html