7 comments

[ 5.2 ms ] story [ 74.3 ms ] thread
Here's a link to something other than twitter for those who don't have an account, don't want to login, or don't want to enable javascript

https://github.com/curl/curl/discussions/12026

The CVEs:

CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)

CVE-2023-38546: severity LOW (affects libcurl only, not the tool)

I really wish people would just stop posting submissions to twitter at this point.

Probably stupid question, but what versions of curl does this affect?
We will know Oct 11 :)
Oof, that's a daunting thought.

We just did a quick snapshot of a small chunk of a customer's environment and they're running 10 different versions of curl in like 15 different images :(