Tool Description: libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
A high severity vulnerability has been discovered in your project.
Project Name: IssueTest
Scanner Name: trivy
Cwe ID: 295
Cwe Name: Improper Certificate Validation
Cwe Link: https://cwe.mitre.org/data/definitions/295.html
CVE ID: CVE-2022-27782
Target: nginx:latest (debian 11.3)
Packages:
References:
Training(Secure Code Warrior):
Name: Improper Certificate Validation
Description: The software does not validate, or incorrectly validates, a certificate.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/mobile/insufficient_transport_layer_protection/weak_certificate_validation
Videos:
Tool Description: libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
Custom Description: test2