Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Dismissed
(max. allowed matches exceeded)
created 2 weeks, 1 day ago Activity log
  • Created & dismissed (max. allowed matches exceeded) suggestion
trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains.

References

Affected products

curl
  • =<8.2.0
  • =<7.71.1
  • =<7.50.1
  • =<7.56.0
  • =<7.72.0
  • =<7.68.0
  • =<7.64.0
  • =<7.64.1
  • =<7.63.0
  • =<7.76.0
  • =<7.59.0
  • =<8.6.0
  • =<7.74.0
  • =<7.58.0
  • =<8.1.2
  • =<7.67.0
  • =<7.48.0
  • =<8.15.0
  • =<7.65.1
  • =<7.54.1
  • =<7.55.0
  • =<7.77.0
  • =<8.7.1
  • =<8.11.0
  • =<7.79.1
  • =<7.83.1
  • =<8.16.0
  • =<7.66.0
  • =<8.12.1
  • =<7.46.0
  • =<8.10.0
  • =<7.62.0
  • =<7.53.0
  • =<8.18.0
  • =<7.51.0
  • =<7.61.1
  • =<7.76.1
  • =<7.49.0
  • =<7.73.0
  • =<7.75.0
  • =<8.14.0
  • =<8.20.0
  • =<7.70.0
  • =<8.5.0
  • =<7.65.2
  • =<8.8.0
  • =<7.79.0
  • =<8.4.0
  • =<7.88.0
  • =<8.12.0
  • =<7.50.3
  • =<8.0.1
  • =<8.2.1
  • =<7.52.0
  • =<7.53.1
  • =<8.13.0
  • =<7.47.1
  • =<7.82.0
  • =<7.65.3
  • =<7.47.0
  • =<7.69.0
  • =<8.3.0
  • =<8.0.0
  • =<7.84.0
  • =<7.65.0
  • =<7.78.0
  • =<7.85.0
  • =<7.81.0
  • =<7.60.0
  • =<7.52.1
  • =<7.57.0
  • =<8.1.1
  • =<8.14.1
  • =<7.50.0
  • =<8.19.0
  • =<7.55.1
  • =<8.9.1
  • =<7.87.0
  • =<7.88.1
  • =<7.50.2
  • =<8.9.0
  • =<8.11.1
  • =<7.71.0
  • =<8.17.0
  • =<8.1.0
  • =<8.10.1
  • =<7.61.0
  • =<7.69.1
  • =<7.54.0
  • =<7.83.0
  • =<7.80.0
  • =<7.86.0
  • =<7.56.1
  • =<7.49.1
  • =<8.7.0