curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
2020-12-14T20:15:13.497
2024-11-21T05:38:26.703
Modified
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | haxx | curl | ≤ 7.70.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Operating System | fujitsu | m10-1_firmware | < xcp2410 | Yes |
| Hardware | fujitsu | m10-1 | - | No |
| Operating System | fujitsu | m10-4_firmware | < xcp2410 | Yes |
| Hardware | fujitsu | m10-4 | - | No |
| Operating System | fujitsu | m10-4s_firmware | < xcp2410 | Yes |
| Hardware | fujitsu | m10-4s | - | No |
| Operating System | fujitsu | m12-1_firmware | < xcp2410 | Yes |
| Hardware | fujitsu | m12-1 | - | No |
| Operating System | fujitsu | m12-2_firmware | < xcp2410 | Yes |
| Hardware | fujitsu | m12-2 | - | No |
| Operating System | fujitsu | m12-2s_firmware | < xcp2410 | Yes |
| Hardware | fujitsu | m12-2s | - | No |
| Operating System | fujitsu | m10-1_firmware | < xcp3110 | Yes |
| Hardware | fujitsu | m10-1 | - | No |
| Operating System | fujitsu | m10-4_firmware | < xcp3110 | Yes |
| Hardware | fujitsu | m10-4 | - | No |
| Operating System | fujitsu | m10-4s_firmware | < xcp3110 | Yes |
| Hardware | fujitsu | m10-4s | - | No |
| Operating System | fujitsu | m12-1_firmware | < xcp3110 | Yes |
| Hardware | fujitsu | m12-1 | - | No |
| Operating System | fujitsu | m12-2_firmware | < xcp3110 | Yes |
| Hardware | fujitsu | m12-2 | - | No |
| Operating System | fujitsu | m12-2s_firmware | < xcp3110 | Yes |
| Hardware | fujitsu | m12-2s | - | No |
| Application | siemens | sinec_infrastructure_network_services | < 1.0.1.1 | Yes |
| Application | splunk | universal_forwarder | < 8.2.12 | Yes |
| Application | splunk | universal_forwarder | < 9.0.6 | Yes |
| Application | splunk | universal_forwarder | 9.1.0 | Yes |