curl / Docs / Vulnerability table / 6.2 vulnerabilities

Vulnerabilities in curl 6.2

curl version 6.2 was released on October 21 1999. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
HTTP authentication leak in redirects6.07.57.0CVE-2018-1000007CWE-522: Insufficiently Protected Credentials
URL request injection6.07.39.0CVE-2014-8150CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
cookie domain tailmatch6.07.29.0CVE-2013-1944CWE-201: Information Exposure Through Sent Data
Arbitrary File Access6.07.19.3CVE-2009-0037CWE-142: Improper Neutralization of Value Delimiters
FTP Server Response Buffer Overflow6.07.4CVE-2000-0973CWE-121: Stack-based Buffer Overflow

Changelog for curl 6.2

See vulnerability summary for the previous release: 6.1 or the subsequent release: 6.3