CVE-2020-8284: A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port and this way potentially make curl extract information about services that are otherwise private and not disclosed for example doing port scanning and service banner extractions.

Overview

Severity
Low (CVSS 3.7)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploit Status
Not Exploited
Patch Tuesday
2020-Dec
Released
2020-12-15
EPSS Score
3.85% (percentile: 88.9%)

Affected Products (1)

Mariner

  • cm1 curl 7.68.0-3 on CBL Mariner 1.0

Revision History

  • 2020-12-15: Information published.