CVE-2022-35252 Information
Sep 24, 2022
cve
Description
When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies using control codes that, when later sent back to an HTTP server, might make the server return 400 responses, effectively allowing a "sister site" to deny service to all siblings.
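An added example (not from this page or the curl project): a scan of a Netscape-format cookie jar, the format curl's cookie engine writes, for stored cookies whose name or value contains control bytes. The page does not say which bytes count as control codes; the set used here (0x00-0x1F except TAB, plus 0x7F), the function name and the sample jar are assumptions.

```python
# Added example: audit a curl (Netscape-format) cookie jar for control bytes.
# Assumption: "control codes" means 0x00-0x1F (except TAB) and 0x7F.
CONTROL_BYTES = (set(range(0x00, 0x20)) - {0x09}) | {0x7F}
HTTPONLY_PREFIX = b"#HttpOnly_"  # curl marks HttpOnly cookies with this prefix


def find_control_cookies(jar_bytes):
    """Return (line_no, domain, name, offending_bytes) for each flagged cookie."""
    findings = []
    for line_no, line in enumerate(jar_bytes.split(b"\n"), start=1):
        if line.endswith(b"\r"):          # tolerate CRLF line endings
            line = line[:-1]
        if line.startswith(HTTPONLY_PREFIX):
            line = line[len(HTTPONLY_PREFIX):]
        elif not line or line.startswith(b"#"):
            continue                      # blank line or comment
        # Fields: domain, subdomain flag, path, secure, expiry, name, value
        fields = line.split(b"\t")
        if len(fields) < 7:
            continue                      # not a cookie record
        domain, name = fields[0], fields[5]
        value = b"\t".join(fields[6:])
        bad = sorted({b for b in name + value if b in CONTROL_BYTES})
        if bad:
            findings.append((
                line_no,
                domain.decode("latin-1"),
                name.decode("latin-1"),
                [f"0x{b:02x}" for b in bad],
            ))
    return findings


# Constructed sample jar (not real data): one clean cookie, two flagged ones.
SAMPLE_JAR = (
    b"# Netscape HTTP Cookie File\n"
    b"app.example.test\tFALSE\t/\tFALSE\t0\tsession\tabc123\n"
    b".example.test\tTRUE\t/\tFALSE\t0\ttheme\tdark\x01\x7f\n"
    b"#HttpOnly_.example.test\tTRUE\t/\tTRUE\t0\tprefs\x1b\tcompact\n"
)

if __name__ == "__main__":
    for line_no, domain, name, bad in find_control_cookies(SAMPLE_JAR):
        print(f"line {line_no}: {domain} cookie {name!r} contains {', '.join(bad)}")
```

Flagged entries set for a parent domain are the ones that matter for the sibling-site scenario in the description, since those cookies are sent to every host under that domain.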
Reference
https://hackerone.com/reports/1613943