Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-27779

EPSS 0.24% · P47
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-27779

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过发送数据的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
curl 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
curl是一款用于从服务器传输数据或向服务器传输数据的工具。 curl 存在安全漏洞,攻击者利用该漏洞可以将任意站点设置cookie发送到不同且不相关的站点或域。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-https://github.com/curl/curl Fixed in 7.83.1 -

II. Public POCs for CVE-2022-27779

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-27779

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-06-01 · 81 CVEs total

CVE-2021-34078lifion-verify-dependencies 操作系统命令注入漏洞
CVE-2021-34079Docker-Tester 操作系统命令注入漏洞
CVE-2022-31948Rescue Dispatch Management System SQL注入漏洞
CVE-2020-20971PbootCMS 跨站请求伪造漏洞
CVE-2022-1949389-ds-base 安全漏洞
CVE-2021-33254Embedthis Software Appweb 代码问题漏洞
CVE-2021-34080ssl-utils 操作系统命令注入漏洞
CVE-2021-34081gitsome 操作系统命令注入漏洞
CVE-2021-34082proctree 操作系统命令注入漏洞
CVE-2021-34084s3-uploader 操作系统命令注入漏洞
CVE-2022-31965Rescue Dispatch Management System SQL注入漏洞
CVE-2022-31964Rescue Dispatch Management System SQL注入漏洞
CVE-2022-31962Rescue Dispatch Management System SQL注入漏洞
CVE-2022-31961Rescue Dispatch Management System SQL注入漏洞
CVE-2022-31959Rescue Dispatch Management System SQL注入漏洞
CVE-2022-31957Rescue Dispatch Management System SQL注入漏洞
CVE-2022-31956Rescue Dispatch Management System SQL注入漏洞
CVE-2022-31953Rescue Dispatch Management System SQL注入漏洞
CVE-2022-31952Rescue Dispatch Management System SQL注入漏洞
CVE-2022-31951Rescue Dispatch Management System SQL注入漏洞

Showing top 20 of 81 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: https://github.com/curl/curl
Same vendor: n/a
Same weakness: CWE-201

V. Comments for CVE-2022-27779

No comments yet

Leave a comment