ALAS-2020-1411 --- curl, libcurl
ID: oval:org.secpod.oval:def:1601174 | Date: (C)2020-07-31 (M)2024-04-03 |
Class: PATCH | Family: unix |
This issue only affects the "curl" command line utility, and only when the "-J" and "-i" command line options are used together. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely running with the same privileges as the user, and thus the user can already overwrite all the files curl could overwrite. However, a local user will have to call curl with the "-J" and "-i" command line options while requesting content from a malicious server, which then opens up an opportunity for the malicious server to overwrite local files.
Platform: Amazon Linux AMI |