security

Security Advisory: High Severity Curl Vulnerability

Security Advisory: High Severity Curl Vulnerability

The maintainers of curl, the popular command-line tool and library for transferring data with URLs, released curl 8.4.0 on October 11, 2023. This version included a fix for two common vulnerabilities and exposures (CVEs), one of which the curl maintainers rate as “HIGH” severity and described as “probably the worst curl security flaw in a long time.” But you can use Docker Scout to check whether you’re using the curl library as a dependency in any of the container images in your organization.