CVE-2022-27774
curl - security update
CVSS 3.1: 5.7 (MEDIUM)
EPSS: 0.31%
Description
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials. When curl follows HTTP(S) redirects with authentication, it could leak credentials to other services that exist on different protocols or port numbers.
How to fix CVE-2022-27774
To remediate CVE-2022-27774, upgrade the affected package to a fixed version below.
- upgrade to 7.79.1-r1 or later
- upgrade to 7.74.0-1.3+deb11u2 or later
- upgrade to 7.64.0-4+deb10u4 or later
Is CVE-2022-27774 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 7.79.1-r1
- from 0, < 7.74.0-1.3+deb11u2
- from 0, < 7.64.0-4+deb10u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |