curl / Docs / Vulnerability table / 7.71.0 vulnerabilities

Vulnerabilities in curl 7.71.0

curl version 7.71.0 was released on June 24 2020. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
TLS 1.3 session ticket proxy host mixup7. Authentication Bypass by Spoofing
Automatic referer leaks credentials7. Exposure of Private Personal Information to an Unauthorized Actor
Inferior OCSP verification7. Improper Check for Certificate Revocation
FTP wildcard stack overflow7. Uncontrolled Recursion
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
wrong connect-only connection7. Expired Pointer Dereference

Changelog for curl 7.71.0

See vulnerability summary for the previous release: 7.70.0 or the subsequent release: 7.71.1