I have exposed the APIs. Please check the sign in components.

Abhishek

On Sun, 17 Mar 2024 at 4:15 PM, <ro...@debian.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian LTS Advisory DLA-3763-1                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                    Bastien Roucariès
> March 17, 2024                                https://wiki.debian.org/LTS
> - -------------------------------------------------------------------------
>
> Package        : curl
> Version        : 7.64.0-4+deb10u9
> CVE ID         : CVE-2023-27534
>
> curl was affected by a path traversal vulnerability.
> SFTP implementation causes the tilde (~) character to be wrongly
> replaced when used as a prefix in the first path element,
> in addition to its intended use as the first element to indicate
> a path relative to the user's home directory. Attackers can exploit
> this flaw to bypass filtering or execute arbitrary code by
> crafting a path like /~2/foo while accessing a server with
> a specific user.
>
> For Debian 10 buster, this problem has been fixed in version
> 7.64.0-4+deb10u9.
>
> We recommend that you upgrade your curl packages.
>
> For the detailed security status of curl please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/curl
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
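
The tilde handling described in the quoted advisory can be modelled as follows. This is an added example, not part of the original message and not curl's own code; `HOME`, `expand_flawed`, `expand_strict` and `diverges` are hypothetical names, and the sample paths are constructed.

```c
#include <stdio.h>
#include <string.h>

#define HOME "/home/alice"   /* constructed sample home directory */

/* Write a+b into out, failing (-1) instead of truncating. */
static int put(char *out, size_t len, const char *a, const char *b)
{
    int n = snprintf(out, len, "%s%s", a, b);
    return (n >= 0 && (size_t)n < len) ? 0 : -1;
}

/* Flawed model: a first element that merely starts with '~' is swapped
 * for the home directory, so "/~2/foo" is treated like "/~/foo". */
static int expand_flawed(const char *p, char *out, size_t len)
{
    if (p[0] == '/' && p[1] == '~') {
        const char *rest = strchr(p + 1, '/');
        return put(out, len, HOME, rest ? rest : "");
    }
    return put(out, len, p, "");
}

/* Strict model: expand only when the first element is exactly "~". */
static int expand_strict(const char *p, char *out, size_t len)
{
    if (strcmp(p, "/~") == 0)
        return put(out, len, HOME, "");
    if (strncmp(p, "/~/", 3) == 0)
        return put(out, len, HOME, p + 2);
    return put(out, len, p, "");
}

/* 1 if the two models resolve p differently, 0 if equal, -1 on error. */
static int diverges(const char *p)
{
    char a[256], b[256];
    if (expand_flawed(p, a, sizeof a) || expand_strict(p, b, sizeof b))
        return -1;
    return strcmp(a, b) != 0;
}

int main(void)
{
    const char *samples[] = { "/~/foo", "/~", "/~2/foo", "/srv/~x/foo" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s diverges=%d\n", samples[i], diverges(samples[i]));
    return 0;
}
```

A path filter that only treats `/~/` as home-relative agrees with the strict model, which is why a first element such as `~2` slipping through the flawed model bypasses it.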