Closed walter-heestermans-toyota closed 1 year ago
[bullseye] - curl <ignored> (curl is not built with HSTS support)
(won't be fixed in Debian because it isn't vulnerable)
Inside the Docker official images 2.4.4 and 2.4.5 we see some critical and high vulnerabilities, can you fix?
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | DESCRIPTION |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-32221 | critical | 9.80 | curl | 7.74.0-1.3+deb11u3 | open | 43 days | < 1 hour | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT...` |
| CVE-2022-43551 | high | 7.50 | curl | 7.74.0-1.3+deb11u3 | open | 25 days | < 1 hour | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructe... |
| CVE-2022-42916 | high | 7.50 | curl | 7.74.0-1.3+deb11u3 | open | 81 days | < 1 hour | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTP... |