CVE-2022-27780
moderate-risk
Published 2022-06-02
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved.

For example, a URL like `http://example.com%2F127.0.0.1/` would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more.
Do I need to act?

- 0.16% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 7.5/10 (High); attack vector: Network, attack complexity: Low
Affected Products (11)
References (6)
Third Party Advisory
https://security.gentoo.org/glsa/202212-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220609-0009/
Risk score: 43 / 100 (moderate-risk)

- Severity: 26/34 · High
- Exploitability: 1/34 · Minimal
- Exposure: 16/34 · Moderate