Showing results for 
Show  only  | Search instead for 
Did you mean: 
By Community Manager Community Manager
Community Manager
We are aware of a critical security vulnerability, CVE-2023-38545, in the widely-used data transfer tool, curl, and its library, libcurl. Rest assured, we are actively working to identify services utilizing curl in our infrastructure and have taken the following steps:
What’s the Issue?: A high-severity vulnerability in curl.
Why It Matters: This is a severe issue with a high probability of impacting multiple systems.
Preparation: We are actively monitoring the situation and utilizing SBOM to identify affected services and products.
Action Taken: Curl have advised a security patch is scheduled to be released on October 11.

Your security is our priority, and we are prepared to address this issue. More updates to follow.
(1) Comment
By Revenera

A few things to keep in mind:

  • As always, security patches tend to take a few attempts to fully resolve, so keep an eye our for subsequent patches as more exploit scenarios are uncovered and/or additional security issues are reported.
  • Also, even if you are not a software supplier, don’t forget to check your servers as you likely have cURL installed on them in your data center. Make sure you upgrade all instances to the appropriate "latest" version as patches are released.
  • Finally, do not forget to check derivative projects that were base on or ported from cURL for impact... i.e., pycurl, python-pycurl, and others.