CVE-2023-27533

ADVISORY - nist

Summary

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

EPSS Score⁠: 0.00141 (0.350)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-74⁠

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-75⁠

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

ADVISORY - redhat

CWE-75⁠

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.