Information disclosure in Curl in Apple Mac OS - CVE-2021-22946ID: oval:org.secpod.oval:def:78235 | Date: (C)2022-03-16 (M)2024-04-03 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Mac OS 12 before 12.3 and is prone to an information disclosure vulnerability. The flaws are present in the application, which fails to properly handle a issues in curl. On successful exploitation, attacker can make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.