CVE-2022-27780
02.06.2022, 14:15
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.
| Vendor | Product | Version |
|---|---|---|
| haxx | curl | 7.80.0 ≤ 𝑥 < 7.83.1 |
| netapp | hci_bootstrap_os | - |
| netapp | clustered_data_ontap | - |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - |
| netapp | solidfire_\&_hci_management_node | - |
| netapp | h410s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h300s_firmware | - |
| splunk | universal_forwarder | 8.2.0 ≤ 𝑥 < 8.2.12 |
| splunk | universal_forwarder | 9.0.0 ≤ 𝑥 < 9.0.6 |
| splunk | universal_forwarder | 9.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-177 - Improper Handling of URL Encoding (Hex Encoding)The software does not properly handle when all or part of an input has been URL encoded.
- CWE-918 - Server-Side Request Forgery (SSRF)The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.