Alpine Linux: CVE-2025-10148: Vulnerability in Multiple Components

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: Sep 12, 2025
Added: Oct 3, 2025
Modified: Oct 3, 2025

Description

curl's WebSocket code did not update the 32-bit mask pattern for each new
outgoing frame as the specification says. Instead it used a fixed mask that
persisted and was used throughout the entire connection.

A predictable mask pattern allows a malicious server to induce traffic
between the two communicating parties that could be interpreted by an involved
proxy (configured or transparent) as genuine, real HTTP traffic with content
and thereby poison its cache. That cached poisoned content could then be
served to all users of that proxy.
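
One way to check a client for the behaviour described above is to parse its outgoing WebSocket frames and flag any masking key that repeats within a connection. This is an added example, not code from curl or from this advisory; it assumes you have the plaintext client-to-server bytes that follow the HTTP upgrade, and the function names are hypothetical.

```python
import struct

def build_client_frame(payload: bytes, mask: bytes) -> bytes:
    """Build one masked, unfragmented binary frame (RFC 6455 section 5.2)."""
    head = bytearray([0x82])                  # FIN=1, opcode 0x2 (binary)
    n = len(payload)
    if n < 126:
        head.append(0x80 | n)                 # MASK bit set, 7-bit length
    elif n < 65536:
        head.append(0x80 | 126)
        head += struct.pack("!H", n)          # 16-bit extended length
    else:
        head.append(0x80 | 127)
        head += struct.pack("!Q", n)          # 64-bit extended length
    masked = bytes(b ^ mask[i % 4] for i, b in enumerate(payload))
    return bytes(head) + mask + masked

def iter_mask_keys(stream: bytes):
    """Yield the 4-byte masking key of each complete client frame."""
    pos = 0
    while pos + 2 <= len(stream):
        b1 = stream[pos + 1]
        if not b1 & 0x80:
            raise ValueError("client frame without MASK bit at offset %d" % pos)
        n = b1 & 0x7F
        pos += 2
        if n == 126:
            if pos + 2 > len(stream):
                return
            n = struct.unpack_from("!H", stream, pos)[0]
            pos += 2
        elif n == 127:
            if pos + 8 > len(stream):
                return
            n = struct.unpack_from("!Q", stream, pos)[0]
            pos += 8
        if pos + 4 + n > len(stream):
            return                            # truncated capture: stop cleanly
        yield stream[pos:pos + 4]
        pos += 4 + n                          # skip key and masked payload

def reused_masks(stream: bytes) -> set:
    """Return every masking key seen on more than one frame of a connection."""
    seen, repeats = set(), set()
    for key in iter_mask_keys(stream):
        (repeats if key in seen else seen).add(key)
    return repeats
```

A client that picks a fresh random key per frame should produce an empty result on any realistic capture; a non-empty result across many frames of one connection matches the fixed-mask behaviour this entry describes.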

Solution

alpine-linux-upgrade-curl