vulnerability
Gentoo Linux: CVE-2020-8284: cURL: Multiple vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Dec 14, 2020 | Dec 29, 2020 | Nov 26, 2024 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Dec 14, 2020
Added
Dec 29, 2020
Modified
Nov 26, 2024
Description
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
Solution
gentoo-linux-upgrade-net-misc-curl

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.