Insyde's Security Pledge
Insyde Security Advisory 2023068
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023068 | Software | See description | 5.3~6.5 | 03/12/2024 | 03/12/2024 |
Summary:
Upgrade curl to version 8.5.0.
Vulnerability Details:
Upgrade curl to version 8.5.0 which addressed the following vulnerabilities.
- CVE-2023-46218
CVSS: 6.3
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description: cookie mixed case PSL bypass - CVE-2023-46219
CVSS: 5.3
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description: HSTS long file name clears contents.
Solution Information:
SPF: RV24.05 and after.
OPF: RV24.05 and after.
OPF 2.0: RV24.05 and after.
Revision History:
Revision | Date | Description |
1.0 | 03/12/2024 | Initial Release |
- | - | - |