External Control of File Name or Path
A flaw in libcurl 7.9.1 through 8.3.0 allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions are met. The CVSS is set to low because the flaw requires a series of conditions to be met, and the likelihood that they shall allow an attacker to take advantage of it is low. Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.
CWE-73 - External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.