CVE-2020-8177
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.
Affected (18)
Products: Haxx: Curl · Debian: Debian Linux · Fujitsu: M10 1 Firmware, M10 4 Firmware, M10 4s Firmware, M12 1 Firmware, M12 2 Firmware, M12 2s Firmware · +2 more
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp2410 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp2410 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp2410 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp2410 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp2410 |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp2410 |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp3110 |
| Running on/with | Platform Versions |
|---|---|
| Fujitsu M10 1 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp3110 |
| Running on/with | Platform Versions |
|---|---|
| Fujitsu M10 4 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp3110 |
| Running on/with | Platform Versions |
|---|---|
| Fujitsu M10 4s | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp3110 |
| Running on/with | Platform Versions |
|---|---|
| Fujitsu M12 1 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp3110 |
| Running on/with | Platform Versions |
|---|---|
| Fujitsu M12 2 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before xcp3110 |
| Running on/with | Platform Versions |
|---|---|
| Fujitsu M12 2s | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.1.1 |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| From 8.2.0 to 8.2.12 |
Related CWEs
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
References (10)
Source: support@hackerone.com
Patch, Third Party Advisory
Source: support@hackerone.com
Patch, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Third Party Advisory