Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug Report]: Need confirmation for unpatched CVE #2011

Open
the-Chain-Warden-thresh opened this issue Nov 1, 2023 · 0 comments
Open

[Bug Report]: Need confirmation for unpatched CVE #2011

the-Chain-Warden-thresh opened this issue Nov 1, 2023 · 0 comments
Labels
bug

Comments

@the-Chain-Warden-thresh
Copy link

Contact Details

[email protected]

What happened?

I'm cloning this repo to make some modifications to customize. However, I've noticed that a CVE which were confirmed and fixed by curl do not get patched in this repo. To enhance the availability of my project as far as possible, I will appreciate it if any of the CVE below do exist in this repo as well, so that I can fix these security issue myself by applying the corresponding patch.
Here is the CVE I found in this repo unpatched, but get fixed in curl:

CVE-2022-32206 in components/curl/lib/content_encoding.c's function CURLcode Curl_build_unencoding_stack(struct connectdata *conn, const char *enclist, int maybechunked), with patch here for your reference.

Version

master (Default)

What soultions are you seeing the problem on?

No response

Relevant log output

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@the-Chain-Warden-thresh