Cybersecurity specialists report the detection of a severe vulnerabilities in cURL, a software project consisting of a library and a command interpreter oriented to file transfer. According to the report, the successful exploitation of these flaws would allow threat actors to evade some security measures.
Tracked as CVE-2021-22946, CVE-2021-22947,CVE-2021-22945 these flaw exists due to an unspecified bug in curl, which would allow remote malicious hackers to evade security restrictions implemented by administrators of compromised deployments.
These vulnerabilities received a high score according to the Common Vulnerability Scoring System (CVSS) and its exploitation could put the integrity of the affected systems at risk.
According to the report, the flaw resides in all versions of cURL between v7.1 and v7.79.0.
While the vulnerability could be exploited by unauthenticated threat actors, no active exploitation attempts have been detected so far. Still, cURL developers recommend applying the available updates as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.