AVG-1755 log

Package libcurl-compat
Status Fixed
Severity High
Type multiple issues
Affected 7.75.0-1
Fixed 7.76.0-1
Current 8.11.1-3 [core]
Ticket None
Created Wed Mar 31 08:16:16 2021
Issue Severity Remote Type Description
CVE-2021-22890 High Yes Authentication bypass
Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes.  When using a...
CVE-2021-22876 Medium Yes Information disclosure
libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and...