VDB

GCVE-110-MAGEIA-2021-186

GCVE-110-MAGEIA-2021-186
Advisory Published
Vulnetix · Advisory published April 12, 2021
libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. (CVE-2021-22876) TLS 1.3 session ticket proxy host mixup. (CVE-2021-22890)

Affected Products

VendorProductVersionsPlatforms
Mageiacurl0 (affected), 7.74.0-1.1.mga8 (unaffected), 0 (affected), 7.74.0-1.1.mga8 (unaffected)
Mageiaqarte0 (affected), 4.14.0-1.mga8 (unaffected)
Mageiacurl0 (affected), 7.71.0-1.2.mga7 (unaffected), 0 (affected), 7.71.0-1.2.mga7 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›