Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Cleartext Transmission of Sensitive Information
Created by: armorcodegithubpreprod[bot]
Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Cleartext Transmission of Sensitive Information
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><7.52.1-5+deb9u16
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Debian:9
relevant versions.
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd
on the command line orCURLOPT_USE_SSL
set to CURLUSESSL_CONTROL
or CURLUSESSL_ALL
withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active