Main Vulnerability Database Vulnerabilities #VU51821

#VU51821 Information disclosure in cURL - CVE-2021-22876

Published: March 31, 2021

Vulnerability identifier: #VU51821

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-22876

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2021-22876.html

#VU51821 Information disclosure in cURL - CVE-2021-22876

Description

Remediation

External links

Please verify you're human