CVE-2020-8177 — Resource Injection in Curl
Severity
7.8 HIGH (NVD)
7.5 (OSV)
EPSS
0.0%
top 94.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 14
Latest update: Apr 16
Description
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 12 packages
Also affects: Debian Linux 10.0
Patches
Vulnerability Details (5)
Vendor Advisories (4)
Microsoft
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. (2020-12-08)
Debian
CVE-2020-8177: curl - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for fi... (2020)
Community (6)
Bugzilla
Bugzilla
CVE-2020-8177 flickcurl: curl: command line arguments lead to local file overwrite [fedora-all] (2020-06-26)
Bugzilla
CVE-2020-8177 mingw-curl: curl: command line arguments lead to local file overwrite [fedora-all] (2020-06-26)
Bugzilla
CVE-2020-8177 flickcurl: curl: command line arguments lead to local file overwrite [epel-7] (2020-06-26)