CVE-2014-3620
Published: 10 September 2014
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
Notes
Author | Note |
---|---|
jdstrand | per upstream, only 7.31.0 to and including 7.37.1 |
mdeslaur | introduced by https://github.com/bagder/curl/commit/85b9dc8023 |
Priority
Status
Package | Release | Status |
---|---|---|
curl | lucid | Not vulnerable |
curl | precise | Not vulnerable (7.22.0-3ubuntu4.8) |
curl | trusty | Released (7.35.0-1ubuntu2.1) |
curl | upstream | Released (7.38.0) |

Patches:
vendor: https://www.debian.org/security/2014/dsa-3022