8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.8%
curl supports communicating using the TELNET protocol and as a part of this it
offers users to pass on username and “telnet options” for the server
negotiation.
Due to lack of proper input scrubbing and without it being the documented
functionality, curl would pass on username and telnet options to the server
as provided. This could allow users to pass in carefully crafted content that
pass on content or do option negotiation without the application intending to
do so. In particular if an application for example allows users to provide the
data or parts of the data.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.8%