Cookie Injection Flaw in Curl by Daniel Stenberg
CVE-2016-8615
5.3MEDIUM
What is CVE-2016-8615?
A vulnerability exists in the curl application, where cookie state can be improperly managed. Specifically, when cookies are written into a cookie jar and later retrieved for use, a malicious HTTP server could exploit this flaw to inject arbitrary cookies for unauthorized domains into the cookie jar. This could lead to a variety of security issues, including session hijacking and unauthorized data access, making it crucial for users to ensure they are using a patched version of curl.
Affected Version(s)
curl 7.51.0