CVE-2022-27780 log

Severity Medium
Remote Unknown
Type Unknown
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like ``, would be allowed by the parser and get transposed into ``. This flaw can be used to circumvent filters, checks and more.
Group Package Affected Fixed Severity Status Ticket
AVG-2706 curl 7.83.0-1 7.83.1-1 Medium Fixed
Affected versions: curl 7.80.0 to and including 7.83.0
Not affected versions: curl < 7.83.0 and curl >= 7.83.1