Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
curl 安全漏洞
Vulnerability Description
curl是一款用于从服务器传输数据或向服务器传输数据的工具。 curl 7.46.0到 8.4.0版本存在安全漏洞,该漏洞源于 curl函数中存在混合大小写缺陷,允许恶意 HTTP server在curl 中设置 super cookies,然后传回更多的信息。
CVSS Information
N/A
Vulnerability Type
N/A