curl / Docs / Vulnerability table / 7.71.1 vulnerabilities

Vulnerabilities in curl 7.71.1

curl version 7.71.1 was released on July 1 2020. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
TLS 1.3 session ticket proxy host mixup7.63.07.75.0CVE-2021-22890CWE-290: Authentication Bypass by Spoofing
Automatic referer leaks credentials7.1.17.75.0CVE-2021-22876CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
Inferior OCSP verification7.41.07.73.0CVE-2020-8286CWE-299: Improper Check for Certificate Revocation
FTP wildcard stack overflow7.21.07.73.0CVE-2020-8285CWE-674: Uncontrolled Recursion
trusting FTP PASV responses4.07.73.0CVE-2020-8284CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
wrong connect-only connection7.29.07.71.1CVE-2020-8231CWE-825: Expired Pointer Dereference

Changelog for curl 7.71.1

See vulnerability summary for the previous release: 7.71.0 or the subsequent release: 7.72.0