PT-2020-3018 · Curl+7

Published 2020-06-24 · Updated 2026-05-18 · CVE-2020-8177

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: curl versions 7.20.0 through 7.70.0
Description: The issue is caused by a logical error in how curl handles the Content-Disposition header of an HTTP response, and it can allow a remote attacker to overwrite a local file. The vulnerability stems from the improper restriction of file names when the -J flag is used: the -J option saves the remote file under the filename given in the Content-Disposition: response header, but the check meant to avoid overwriting an existing local file is flawed. A malicious server can therefore trick curl into overwriting an existing local file by sending specific HTTP headers.
Recommendations: For curl versions 7.20.0 through 7.70.0, consider disabling the use of the -J flag in combination with the -i flag until a patch is available. As a temporary workaround, avoid using -J (--remote-header-name) together with -i (--include) in the same command line to minimize the risk of exploitation. Restrict access to the vulnerable curl command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
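The check that the advisory describes as flawed is the "never overwrite an existing local file" step of -J. The following is an added example (not curl's own code) of how a downloader should apply that step: take only the last path component of the Content-Disposition filename and create the file with O_EXCL, so an existing file is refused rather than truncated; the header dictionary and body bytes are constructed inputs.

```python
import os
import re

# Matches filename="quoted" or filename=token inside a Content-Disposition
# value. The RFC 5987 filename*= form is deliberately not handled here.
_FILENAME_RE = re.compile(r'filename\s*=\s*(?:"([^"]*)"|([^;]*))', re.IGNORECASE)


def filename_from_content_disposition(header_value):
    """Return a sanitized local filename taken from a Content-Disposition
    header value, or None if the header names no usable file."""
    if header_value is None:
        return None
    m = _FILENAME_RE.search(header_value)
    if not m:
        return None
    raw = (m.group(1) if m.group(1) is not None else m.group(2)).strip()
    # Keep only the last path component, whether '/' or '\' separated, so a
    # server cannot steer the write outside the download directory.
    name = re.split(r"[/\\]", raw)[-1]
    # Reject empty and dot-only names; hidden (dot-prefixed) names are
    # rejected too as a conservative choice for an unattended download.
    if name in ("", ".", "..") or name.startswith("."):
        return None
    return name


def save_response_body(dest_dir, headers, body):
    """Write body into dest_dir under the server-supplied name.

    Raises FileExistsError instead of overwriting an existing file, and
    ValueError when the header gives no safe name (a caller would then fall
    back to a locally chosen name rather than trusting the server).
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    name = filename_from_content_disposition(lowered.get("content-disposition"))
    if name is None:
        raise ValueError("no usable filename in Content-Disposition")
    path = os.path.join(dest_dir, name)
    # O_CREAT | O_EXCL makes "create only if absent" a single atomic call:
    # if the file already exists the open fails and nothing is truncated.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(body)
    return path
```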

Exploit

Weakness Enumeration: Special Elements Injection

Related Identifiers

ALT-PU-2020-2227
ALT-PU-2020-2447
BDU:2020-03241
CESA-2020_4599
CESA-2020_5002
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2020-8177
DLA-2295-1
DSA-4881-1
MGASA-2020-0282
OPENSUSE-SU-2020:0883-1
OPENSUSE-SU-2020:0908-1
OPENSUSE-SU-2020_0883-1
OPENSUSE-SU-2020_0908-1
RHSA-2020:4599
RHSA-2020:5002
RHSA-2020:5417
RHSA-2020_4599
RHSA-2020_5002
SUSE-SU-2020:14409-1
SUSE-SU-2020:1732-1
SUSE-SU-2020:1733-1
SUSE-SU-2020:1734-1
SUSE-SU-2020:1735-1
SUSE-SU-2020:1773-1
SUSE-SU-2020_14409-1
SUSE-SU-2020_1732-1
SUSE-SU-2020_1734-1
SUSE-SU-2020_1735-1
SUSE-SU-2020_1773-1
USN-4402-1

Affected Products

Alt Linux
Astra Linux
CentOS
Linux Mint
Red Hat
SUSE
Ubuntu
curl