Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.
Max CVSS
5.8
EPSS Score
0.31%
Published
2010-10-28
Updated
2010-10-28
1 vulnerabilities found