Your submission was sent successfully! Close

CVE-2022-27780

Published: 11 May 2022

The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved.

Priority

Medium

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy
Released (7.81.0-1ubuntu1.2)
trusty Not vulnerable
(code not present)
upstream
Released (7.83.1)
xenial Not vulnerable
(code not present)