[Bug Report]: Need confirmation for unpatched CVE
the-Chain-Warden-thresh opened this issue
Contact Details
What happened?
I'm cloning this repo to make some modifications to customize it. However, I've noticed that a CVE which was confirmed and fixed by curl has not been patched in this repo. To enhance the availability of my project as far as possible, I would appreciate it if you could confirm whether any of the CVEs below exist in this repo as well, so that I can fix these security issues myself by applying the corresponding patch.
Here is the CVE I found unpatched in this repo, but fixed in curl:
CVE-2022-32206 in components/curl/lib/content_encoding.c's function CURLcode Curl_build_unencoding_stack(struct connectdata *conn, const char *enclist, int maybechunked), with patch here for your reference.
Version
master (Default)
What solutions are you seeing the problem on?
No response
Relevant log output
No response