CVE-2022-27779 - log

CVE-2022-27779 edited at 11 May 2022 11:16:20
Severity
- Unknown
+ Medium
Description
+ libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
References
+ https://seclists.org/oss-sec/2022/q2/93
+ https://curl.se/docs/CVE-2022-27779.html
+ https://github.com/curl/curl/commit/7e92d12b4e6911f
+ https://github.com/curl/curl/commit/b27ad8e1d3e68e
Notes
+ Affected versions: curl 7.82.0 to and including curl 7.83.0
+ Not affected versions: curl < 7.82.0 and curl >= 7.83.1
CVE-2022-27779 created at 11 May 2022 10:34:34
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes