CVEs-PoC/2021/CVE-2021-22876.md

### [CVE-2021-22876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876)
![](https://img.shields.io/static/v1?label=Product&message=https%3A%2F%2Fgithub.com%2Fcurl%2Fcurl&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Privacy%20Violation%20(CWE-359)&color=brighgreen)

### Description

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

### POC

#### Reference
- https://www.oracle.com//security-alerts/cpujul2021.html

#### Github
- https://github.com/fokypoky/places-list
- https://github.com/indece-official/clair-client