Tool Description: curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
A low severity vulnerability has been discovered in your project.
Project Name: IssueTest
Scanner Name: trivy
Cwe ID: 909
Cwe Name: Missing Initialization of Resource
Cwe Link: https://cwe.mitre.org/data/definitions/909.html
CVE ID: CVE-2021-22898
Target: nginx:latest (debian 11.3)
Packages:
References:
Tool Description: curl 7.7 through 7.76.1 suffers from an information disclosure when the
-t
command line option, known asCURLOPT_TELNETOPTIONS
in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.Custom Description: test assignment