Docs Overview
Project
Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs Known Risks Logo TODO website Info
Protocols
CA Extract HTTP cookies HTTP/3 MQTT SSL certs SSL libs compared URL syntax WebSocket
Releases
Changelog curl CVEs Release Table Version Numbering Verify Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial When options were added
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Vulnerability table / 4.2 vulnerabilities

Vulnerabilities in curl 4.2

Related:
Audits
Changelog
curl CVEs
Vulnerability Disclosure
Vulnerabilities Table

curl version 4.2 was released on April 15 1998

It has the following 4 published security problems.

SFlawFirstLast
LCVE-2020-8284: trusting FTP PASV responses4.07.73.0
HCVE-2016-0754: remote filename path traversal in curl tool for Windows4.07.46.0
HCVE-2015-3153: sensitive HTTP server headers also sent to proxies4.07.42.0
MCVE-2014-3613: cookie leak with IP address as domain4.07.37.1

Further details

CVE data for 4.2 provided as JSON.

Changelog for curl 4.2

See vulnerability summary for the previous release: 4.1 or the subsequent release: 4.3