curl / Docs / Vulnerability table / 4.10 vulnerabilities

Vulnerabilities in curl 4.10

curl version 4.10 was released on October 26 1998

It has the following 10 published security problems.

SFlawFirstLast
LCVE-2022-35252: control code in cookie denial of service4.97.84.0
LCVE-2022-27776: Auth/cookie leak on redirect4.97.82.0
MCVE-2022-27774: Credential leak on redirect4.97.82.0
LCVE-2020-8284: trusting FTP PASV responses4.07.73.0
HCVE-2016-8615: cookie injection for other servers4.97.50.3
HCVE-2016-0754: remote filename path traversal in curl tool for Windows4.07.46.0
HCVE-2015-3153: sensitive HTTP server headers also sent to proxies4.07.42.0
MCVE-2014-3613: cookie leak with IP address as domain4.07.37.1
HCVE-2013-1944: cookie domain tailmatch4.77.29.0
HCVE-2003-1605: Proxy Authentication Header Information Leakage4.57.10.6

Further details

CVE data for 4.10 provided as JSON.

Changelog for curl 4.10

See vulnerability summary for the previous release: 4.9 or the subsequent release: 5.0