CVE-2014-3620

EPSS 1.3%

Published: 11/18/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-3620

Description

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

Affected packages (1)

Debian/curlfrom 0, < 7.38.0-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3620