curl / Docs / Vulnerability table / 7.80.0 vulnerabilities

Vulnerabilities in curl 7.80.0

curl version 7.80.0 was released on November 10 2021. The following 7 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
TLS and SSH connection too eager reuse7. Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop7. Loop with Unreachable Exit Condition ('Infinite Loop')
percent-encoded path separator in URL host7. Improper Handling of URL Encoding
Auth/cookie leak on redirect4.97.82.0CVE-2022-27776CWE-522: Insufficiently Protected Credentials
Bad local IPv6 connection reuse7. Exposure of Sensitive Information to an Unauthorized Actor
Credential leak on redirect4.97.82.0CVE-2022-27774CWE-522: Insufficiently Protected Credentials
OAUTH2 bearer bypass in connection re-use7. Authentication Bypass by Primary Weakness

Changelog for curl 7.80.0

See vulnerability summary for the previous release: 7.79.1 or the subsequent release: 7.81.0