CVE-2010-3842
Publication date 28 October 2010
Last updated 24 July 2024
Ubuntu priority
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.
Notes
jdstrand
from curl advisory: Operating systems affected include Windows, Netware, MSDOS, OS/2 and Symbian.