mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
108 lines
4.8 KiB
JSON
108 lines
4.8 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2023-46218",
|
|
"ASSIGNER": "support@hackerone.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "curl",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "curl",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "8.4.0",
|
|
"status": "affected",
|
|
"lessThanOrEqual": "8.4.0",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "7.46.0",
|
|
"status": "unaffected",
|
|
"lessThan": "7.46.0",
|
|
"versionType": "semver"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://hackerone.com/reports/2212193",
|
|
"refsource": "MISC",
|
|
"name": "https://hackerone.com/reports/2212193"
|
|
},
|
|
{
|
|
"url": "https://curl.se/docs/CVE-2023-46218.html",
|
|
"refsource": "MISC",
|
|
"name": "https://curl.se/docs/CVE-2023-46218.html"
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/",
|
|
"refsource": "MISC",
|
|
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/"
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/",
|
|
"refsource": "MISC",
|
|
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/"
|
|
},
|
|
{
|
|
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html",
|
|
"refsource": "MISC",
|
|
"name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"
|
|
},
|
|
{
|
|
"url": "https://www.debian.org/security/2023/dsa-5587",
|
|
"refsource": "MISC",
|
|
"name": "https://www.debian.org/security/2023/dsa-5587"
|
|
},
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20240125-0007/",
|
|
"refsource": "MISC",
|
|
"name": "https://security.netapp.com/advisory/ntap-20240125-0007/"
|
|
}
|
|
]
|
|
}
|
|
} |