{"id":54097,"date":"2023-10-12T22:00:00","date_gmt":"2023-10-12T22:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/dr-tech\/how-to-scan-environment-vulnerable-curl"},"modified":"2023-10-12T22:00:00","modified_gmt":"2023-10-12T22:00:00","slug":"how-to-scan-your-environment-for-vulnerable-versions-of-curl","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/","title":{"rendered":"How to Scan Your Environment for Vulnerable Versions of Curl"},"content":{"rendered":"
<\/div>\n

Security teams don\u2019t have to swing into crisis mode to address the recently fixed vulnerabilities in the command-line tool curl and the libcurl library<\/a>, but that doesn’t mean they don’t have to worry about identifying and remediating impacted systems. If the systems are not immediately exploitable, security teams have some time to make those updates.<\/p>\n

This Tech Tip aggregates guidance on what security teams need to do to ensure they aren’t at risk.<\/p>\n

A foundational networking tool for Unix and Linux systems, cURL is used in command lines and scripts to transfer data. Its prevalence is due to the fact that it is used as both a standalone utility (curl) as well as a library that is included in many different types of applications (libcurl). The libcurl library, which allows developers to access curl APIs from their own code, can be introduced directly into the code, used as a dependency, used as part of an operating system bundle, included as part of a Docker container, or installed on a Kubernetes cluster node.<\/p>\n

What Is CVE-2023-38545?<\/h2>\n

The high severity vulnerability affects curl and libcurl<\/a> versions 7.69.0 to 8.3.0, and the low severity vulnerability impacts libcurl versions 7.9.1 to 8.3.0. However, the vulnerabilities cannot be exploited under default conditions. An attacker trying to trigger the vulnerability would need to point curl at a malicious server under the attacker\u2019s control, make sure curl is using a SOCKS5 proxy using proxy-resolver mode, configure curl to automatically follow redirects, and set the buffer size to a smaller size.<\/p>\n

According to Yair Mizrahi<\/a>, a senior security researcher at JFrog, the libcurl library is vulnerable only <\/span>if the following environment variables are set: CURLOPT_PROXYTYPE<\/em>  set to type CURLPROXY_SOCKS5_HOSTNAME<\/em>; or CURLOPT_PROXY<\/em> or CURLOPT_PRE_PROXY<\/em>  set to scheme socks5h:\/\/<\/em>. The library is also vulnerable if one of the proxy environment variables is set to use the socks5h:\/\/<\/em> scheme. The command-line tool is vulnerable only if it is executed with the -socks5-hostname<\/em> flag, or with –proxy<\/em> (-x) or –preproxy<\/em> set to use the scheme socks5h:\/\/<\/em>. It is also vulnerable if curl is executed with the affected environment variables.<\/p>\n

\u201cThe set of pre-conditions needed in order for a machine to be vulnerable (see previous section) is more restrictive than initially believed. Therefore, we believe the vast majority of curl users won\u2019t be affected by this vulnerability,\u201d Mizrahi wrote in the analysis.<\/p>\n

Scan the Environment for Vulnerable Systems<\/h2>\n

The first thing organizations need to do is to scope their environments to identify all systems using curl and libcurl to assess whether those preconditions exist. Organizations should inventory their systems and evaluate their software delivery processes using software composition analysis tools for code, scanning containers, and application security posture management utilities, notes Alex Ilgayev, head of security research at Cycode. Even though the vulnerability does not affect every implementation of curl, it would be easier to identify the impacted systems if the team starts with a list of potential locations to look.<\/p>\n

The following commands identify which versions of curl are installed:<\/p>\n

Linux\/MacOS:<\/em><\/p>\n

find \/ -name curl 2>\/dev\/null -exec echo \"Found: {}\" \\; -exec {} --version \\;<\/em><\/pre>\n
Windows:<\/em><\/p>\n
Get-ChildItem -Path C:\\ -Recurse -ErrorAction SilentlyContinue -Filter curl.exe | ForEach-Object { Write-Host \"Found: $($_.FullName)\"; & $_.FullName --version }<\/em><\/pre>\n
GitHub has a query to run in Defender for Endpoint<\/a> to identify all devices in the environment that have curl installed or use curl. Qualys has published its rules<\/a> for using its platform.<\/p>\n
Organizations using Docker containers or other container technologies should also scan the images for vulnerable versions. A sizable number of rebuilds are expected, particularly in docker images and similar entities that incorporate liburl copies. Docker has pulled together a list of instructions<\/a> on assessing all images.<\/p>\n
To find existing repositories:<\/em><\/p>\n
docker scout repo enable --org <org-name> <org-name>\/scout-demo<\/em><\/pre>\n
To analyze local container images:<\/em><\/p>\n
docker scout policy [IMAGE] --org [ORG]<\/em><\/pre>\n
This issue highlights the importance of keeping meticulous track of all open source software being used in an organization, according to Henrik Plate, a security researcher at Endor Labs.<\/p>\n
\u201cKnowing about all the uses of curl and libcurl is the prerequisite for assessing the actual risk and taking remediation actions, be it patching curl, restricting access to affected systems from untrusted networks, or implementing other countermeasures,\u201d Plate said.<\/p>\n
If the application comes with a software bill of materials, that would be a good place to start looking for instances of curl, adds John Gallagher, vice president of Viakoo Labs.<\/p>\n
Just because the flaws are not exploitable doesn\u2019t mean the updates are not necessary. Patches are available directly for curl and libcurl<\/a>, and many of the operating systems (Debian, Ubuntu, Red Hat, etc.) have also pushed fixed versions. Keep an eye out for security updates from other applications, as libcurl is a library used by many operating systems and applications.<\/p>\n
One workaround until the updates can be deployed is to force curl to use local hostname resolving when connecting to a SOCKS5 proxy, according to JFrog\u2019s Mizrahi. This syntax uses the socks5 scheme and not socks5h: curl -x socks5:\/\/someproxy.com<\/em>. In the library, replace the environment variable CURLPROXY_SOCKS5_HOSTNAME<\/em> with CURLPROXY_SOCKS5<\/em>.<\/p>\n
According to Benjamin Marr, a security engineer at Intruder<\/a>,  security teams should be monitoring curl flags for excessive large strings, as that would indicate the system had been compromised. The flags are –socks5-hostname<\/em>, or –proxy<\/em> or –preproxy<\/em> set to use the scheme socks5h:\/\/<\/em>.<\/p>\n
Read More HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environments.Read More HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-54097","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"\nHow to Scan Your Environment for Vulnerable Versions of Curl 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Scan Your Environment for Vulnerable Versions of Curl 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-12T22:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt065a93df8d5a4943\/63ebfcac46d4e92d0898e712\/patchtuesday_Miha_Creative_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"How to Scan Your Environment for Vulnerable Versions of Curl\",\"datePublished\":\"2023-10-12T22:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/\"},\"wordCount\":894,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt065a93df8d5a4943\\\/63ebfcac46d4e92d0898e712\\\/patchtuesday_Miha_Creative_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/\",\"name\":\"How to Scan Your Environment for Vulnerable Versions of Curl 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt065a93df8d5a4943\\\/63ebfcac46d4e92d0898e712\\\/patchtuesday_Miha_Creative_shutterstock.jpg\",\"datePublished\":\"2023-10-12T22:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt065a93df8d5a4943\\\/63ebfcac46d4e92d0898e712\\\/patchtuesday_Miha_Creative_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt065a93df8d5a4943\\\/63ebfcac46d4e92d0898e712\\\/patchtuesday_Miha_Creative_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Scan Your Environment for Vulnerable Versions of Curl\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Scan Your Environment for Vulnerable Versions of Curl 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/","og_locale":"en_US","og_type":"article","og_title":"How to Scan Your Environment for Vulnerable Versions of Curl 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-10-12T22:00:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt065a93df8d5a4943\/63ebfcac46d4e92d0898e712\/patchtuesday_Miha_Creative_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"How to Scan Your Environment for Vulnerable Versions of Curl","datePublished":"2023-10-12T22:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/"},"wordCount":894,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt065a93df8d5a4943\/63ebfcac46d4e92d0898e712\/patchtuesday_Miha_Creative_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/","url":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/","name":"How to Scan Your Environment for Vulnerable Versions of Curl 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt065a93df8d5a4943\/63ebfcac46d4e92d0898e712\/patchtuesday_Miha_Creative_shutterstock.jpg","datePublished":"2023-10-12T22:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt065a93df8d5a4943\/63ebfcac46d4e92d0898e712\/patchtuesday_Miha_Creative_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt065a93df8d5a4943\/63ebfcac46d4e92d0898e712\/patchtuesday_Miha_Creative_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/how-to-scan-your-environment-for-vulnerable-versions-of-curl\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Scan Your Environment for Vulnerable Versions of Curl"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54097"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54097\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}