The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get transposed into http://example.com/127.0.0.1/. This flawcan be used to circumvent filters, checks and more.

CPENameOperatorVersion
curleq7.19.4-r0
curleq7.42.1-r0
curleq7.52.0-r0
curleq7.44.0-r0
curleq7.77.0-r1
curleq7.46.0-r2
curleq7.69.1-r0
curleq7.39.0-r0
curleq7.75.0-r0
curleq7.46.0-r0

Name	Operator	Version
curl	eq	7.19.4-r0
curl	eq	7.42.1-r0
curl	eq	7.52.0-r0
curl	eq	7.44.0-r0
curl	eq	7.77.0-r1
curl	eq	7.46.0-r2
curl	eq	7.69.1-r0
curl	eq	7.39.0-r0
curl	eq	7.75.0-r0
curl	eq	7.46.0-r0