CVE-2021-22922
Severity
6.5 MEDIUM
EPSS
0.1%
top 64.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 5
Latest update: May 24
Description
When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that serve…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages
6 packages
Also affects: Fedora 33
Patches
🔴 Vulnerability Details (3)
GHSA
GHSA-975f-fvhv-8mhx: When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file (2022-05-24)
CVEList
CVE-2021-22922: When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file (2021-08-05)
OSV
CVE-2021-22922: When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file (2021-08-05)
📋 Vendor Advisories (3)
Microsoft
When curl is instructed to download content using the metalink feature the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to ge (2021-08-10)
Debian
CVE-2021-22922: curl - When curl is instructed to download content using the metalink feature, the conte... (2021)