curl / Docs / Vulnerability table / 7.83.0 vulnerabilities

Vulnerabilities in curl 7.83.0

curl version 7.83.0 was released on April 27 2022. The following 6 security problems are known to exist in this version.

FlawFrom versionTo and includingCVECWE
HSTS bypass via trailing dot7. Cleartext Transmission of Sensitive Information
TLS and SSH connection too eager reuse7. Authentication Bypass by Primary Weakness
CERTINFO never-ending busy-loop7. Loop with Unreachable Exit Condition ('Infinite Loop')
percent-encoded path separator in URL host7. Improper Handling of URL Encoding
cookie for trailing dot TLD7. Information Exposure Through Sent Data
curl removes wrong file on error7. Use of Incorrectly-Resolved Name or Reference

Changelog for curl 7.83.0

See vulnerability summary for the previous release: 7.82.0 or the subsequent release: 7.83.1