{"vulnerability": "CVE-2023-27534", "sightings": [{"uuid": "d8e1b9b5-5945-45e6-a4d8-a12dbe265cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27534", "type": "seen", "source": "https://t.me/ctinow/100869", "content": "curl: CVE-2023-27534: SFTP path ~ resolving discrepancy\n\nhttps://ift.tt/tz0LmMR", "creation_timestamp": "2023-03-22T22:31:30.000000Z"}, {"uuid": "58d76e29-5bef-4f76-8d69-e8836dd94333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27534", "type": "seen", "source": "https://t.me/cibsecurity/61200", "content": "\u203c CVE-2023-27534 \u203c\n\nA path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T00:21:36.000000Z"}, {"uuid": "51dc0ee2-0537-4493-8f48-ec21a9715e76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27534", "type": "seen", "source": "https://t.me/ctinow/100328", "content": "Internet Bug Bounty: CVE-2023-27534: SFTP path ~ resolving discrepancy\n\nhttps://ift.tt/CQNnxX4", "creation_timestamp": "2023-03-20T23:31:52.000000Z"}]}