CVE-2014-3620

Priority
Description
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same
Origin Policy and set cookies for arbitrary sites by setting a cookie for a
top-level domain.
Notes
 jdstrand> per upstream, only 7.31.0 to and including 7.37.1
 mdeslaur> introduced by https://github.com/bagder/curl/commit/85b9dc8023
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.38.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (7.35.0-1ubuntu2.1)
Patches:
Vendor:https://www.debian.org/security/2014/dsa-3022
More Information

Updated: 2019-03-19 12:14:51 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)