diff options
author | JinWang An <jinwang.an@samsung.com> | 2021-02-17 17:09:21 +0900 |
---|---|---|
committer | JinWang An <jinwang.an@samsung.com> | 2021-02-17 17:09:21 +0900 |
commit | 2bbfb5bd8e6be73480018b4ac92befb4736c5bba (patch) | |
tree | f5c58783ae4b9a1d01de5f4dfaa8f30062ae4fc3 /Packaging | |
parent | 28d122ff237b30cbe94432469db21fe24859f4a9 (diff) | |
download | cmake-accepted/tizen/base/tool/20210221.221015.tar.gz cmake-accepted/tizen/base/tool/20210221.221015.tar.bz2 cmake-accepted/tizen/base/tool/20210221.221015.zip |
[CVE-2020-8284] CURLOPT_FTP_SKIP_PASV_IP by defaultsubmit/tizen_base/20210218.080159accepted/tizen/base/tool/20210221.221015
A malicious server can use the FTP PASV response to trick curl 7.73.0
and earlier into connecting back to a given IP address and port,
and this way potentially make curl extract information about services
that are otherwise private and not disclosed,
for example doing port scanning and service banner extractions.
Change-Id: Ifb923106339f8d3e64ec171ef22ebab3ac3c6d8d
Signed-off-by: JinWang An <jinwang.an@samsung.com>
Diffstat (limited to 'Packaging')
0 files changed, 0 insertions, 0 deletions