CVE-2024-2004
LOWDescription
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| haxx | curl |
| fedoraproject | fedora |
| fedoraproject | fedora |
| apple | macos |
| apple | macos |
| apple | macos |
| netapp | ontap |
| netapp | ontap_select_deploy_administration_utility |
| netapp | bootstrap_os |
| netapp | hci_compute_node |
| netapp | h300s_firmware |
| netapp | h300s |
| netapp | h410s_firmware |
| netapp | h410s |
| netapp | h500s_firmware |
| netapp | h500s |
| netapp | h700s_firmware |
| netapp | h700s |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-2004? +
How severe is CVE-2024-2004? +
What products are affected by CVE-2024-2004? +
How do I check if I'm vulnerable to CVE-2024-2004? +
Related Vulnerabilities
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded …
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were …
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule …
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host …
When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as …
A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to …