CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-23914

CVSS 9.1v3.1pub. 2023-02-23upd. 2025-03-12

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Haxx Curl

    APP
    Haxx
    7.77.0 – 7.88.0 (bez)
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Clustered Data Ontap

    APP
    Netapp
    9.0
  • Netapp H300s

    HW
    Netapp
    wszystkie wersje
  • Netapp H300s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H410s

    HW
    Netapp
    wszystkie wersje
  • Netapp H410s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H500s

    HW
    Netapp
    wszystkie wersje
  • Netapp H500s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H700s

    HW
    Netapp
    wszystkie wersje
  • Netapp H700s Firmware

    OS
    Netapp
    wszystkie wersje
  • Splunk Universal Forwarder

    APP
    Splunk
    9.1.08.2.0 – 8.2.12 (bez)9.0.0 – 9.0.6 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-54085CRITICAL10.0⚠ KEVPL ✓ten sam produkt

AMI MegaRAC SPx — zdalne ominięcie uwierzytelnienia w interfejsie Redfish BMC

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2024-40896CRITICAL9.1PL ✓ten sam produkt

XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX

CVE-2024-52533CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4