CVE-2020-8177

Published: 24 June 2020

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources, which can lead to overwriting a local file when the -J flag is used.

Notes

Author: mdeslaur
Note: introduced in 7.20.0

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: curl

Release    Status
bionic     Released (7.58.0-2ubuntu3.9)
eoan       Released (7.65.3-1ubuntu3.1)
focal      Released (7.68.0-1ubuntu2.1)
precise    Released (7.22.0-3ubuntu4.28)
trusty     Released (7.35.0-1ubuntu2.20+esm4)
upstream   Needs triage
xenial     Released (7.47.0-1ubuntu2.15)