Search for packages
| purl | pkg:conan/libcurl@7.13.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 2.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-cbah-e86c-w3fj
Aliases: CVE-2023-27535 |
Improper Authentication An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:51:05.120774+00:00 | GitLab Importer | Affected by | VCID-cbah-e86c-w3fj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libcurl/CVE-2023-27535.yml | 38.0.0 |