Skip to main content

External Control of File Name or Path


Severity Low
Score 3.7/10


A flaw in libcurl 7.9.1 through 8.3.0 allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions are met. The CVSS is set to low because the flaw requires a series of conditions to be met, and the likelihood that they shall allow an attacker to take advantage of it is low. Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.

  • HIGH
  • LOW
  • NONE
  • NONE
  • NONE
  • NONE

CWE-73 - External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

Advisory Timeline

  • Published