A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port. This can potentially make curl extract information about services that are otherwise private and not disclosed, for example by performing port scanning and service banner extraction.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
14/12/2020
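As an added example (not curl's own code), the following C sketch shows a client-side check that parses the 227 PASV reply and compares the advertised data address with the address of the control connection. The function names, the caller-supplied `peer_ip` and the sample replies are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum pasv_check { PASV_MALFORMED = -1, PASV_MISMATCH = 0, PASV_OK = 1 };

/* Parse "227 ... (h1,h2,h3,h4,p1,p2)" (RFC 959) into a dotted-quad ip and port.
 * Returns 0 on success, -1 if the reply is not a well-formed 227. */
static int parse_pasv(const char *reply, char ip[16], int *port)
{
    unsigned h[4], p[2];
    char end;
    const char *open;

    if (strncmp(reply, "227", 3) != 0 || (open = strchr(reply, '(')) == NULL)
        return -1;
    if (sscanf(open, "(%3u,%3u,%3u,%3u,%3u,%3u%c",
               &h[0], &h[1], &h[2], &h[3], &p[0], &p[1], &end) != 7 || end != ')')
        return -1;
    for (int i = 0; i < 4; i++)
        if (h[i] > 255) return -1;
    if (p[0] > 255 || p[1] > 255)
        return -1;
    snprintf(ip, 16, "%u.%u.%u.%u", h[0], h[1], h[2], h[3]);
    *port = (int)(p[0] * 256 + p[1]);
    return 0;
}

/* Compare the advertised data address with the address the control
 * connection is actually talking to (peer_ip, supplied by the caller). */
enum pasv_check check_pasv(const char *reply, const char *peer_ip, int *port)
{
    char ip[16];
    if (parse_pasv(reply, ip, port) != 0)
        return PASV_MALFORMED;
    return strcmp(ip, peer_ip) == 0 ? PASV_OK : PASV_MISMATCH;
}

int main(void)
{
    /* Constructed replies; the control connection peer is 192.0.2.10. */
    const char *honest = "227 Entering Passive Mode (192,0,2,10,195,80)";
    const char *redirect = "227 Entering Passive Mode (10,0,0,5,0,22)";
    int port;
    enum pasv_check r1 = check_pasv(honest, "192.0.2.10", &port);
    printf("honest:   %d (port %d)\n", r1, port);
    enum pasv_check r2 = check_pasv(redirect, "192.0.2.10", &port);
    printf("redirect: %d (port %d)\n", r2, port);
    return 0;
}
```

On a mismatch, a client can ignore the advertised address and open the data connection to the control-connection peer on the advertised port, which is what curl's `--ftp-skip-pasv-ip` option does.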