CVSS2 score: 5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |

EPSS: 0.006 Low (Percentile: 77.8%)

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same
Origin Policy and set cookies for arbitrary sites by setting a cookie for a
top-level domain.
Author | Note |
---|---|
jdstrand | per upstream, only 7.31.0 to and including 7.37.1 |
mdeslaur | introduced by https://github.com/bagder/curl/commit/85b9dc8023 |