CVE-2022-27780 Information
Description
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/ would be allowed by the parser and get transposed into http://example.com/127.0.0.1/. This flaw can be used to circumvent filters, checks and more.
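A URL filter sitting in front of an affected curl can reject such URLs before they are handed over. The following is an added example, not curl's own code or its fix: the function names are hypothetical, and the separator set is an assumption taken from the RFC 3986 gen-delims.

```python
import re
from urllib.parse import unquote

# Assumption: treat the RFC 3986 gen-delims as the "URL separators" that must
# never appear percent-encoded inside a host name.
SEPARATORS = set(":/?#[]@")

_AUTHORITY = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://([^/?#]*)")
_PCT = re.compile(r"%([0-9A-Fa-f]{2})")


def raw_host(url):
    """Return the still-encoded host of an absolute URL (no userinfo, no port)."""
    m = _AUTHORITY.match(url)
    if not m:
        raise ValueError("not an absolute URL with an authority part")
    hostport = m.group(1).rsplit("@", 1)[-1]   # drop userinfo if present
    if hostport.startswith("["):               # IPv6 literal, keep the brackets
        end = hostport.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        return hostport[: end + 1]
    return hostport.split(":", 1)[0]           # drop the port


def encoded_separators(host):
    """List the percent-escapes in host that decode to a URL separator."""
    return [m.group(0) for m in _PCT.finditer(host)
            if chr(int(m.group(1), 16)) in SEPARATORS]


def check_url(url):
    """Report the host as written, the host after decoding, and the verdict."""
    host = raw_host(url)
    bad = encoded_separators(host)
    return {
        "host": host,
        "decoded": unquote(host),   # what a decoding parser would end up with
        "encoded_separators": bad,
        "rejected": bool(bad),
    }


if __name__ == "__main__":
    # The first URL is the one from the description; the second is its decoded form.
    for u in ("http://example.com%2F127.0.0.1/", "http://example.com/127.0.0.1/"):
        print(u, check_url(u))
```
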
Reference
https://hackerone.com/reports/1553841