Tool Description: libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
A high severity vulnerability has been discovered in your project.
Project Name: IssueTest
Scanner Name: trivy
Cwe ID: 835
Cwe Name: Loop with Unreachable Exit Condition (Infinite Loop)
Cwe Link: https://cwe.mitre.org/data/definitions/835.html
CVE ID: CVE-2022-27781
Target: nginx:latest (debian 11.3)
Packages:
References:
Custom Description: NEW ENDPOINT TEST