How severe is CVE-2024-2004?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2024-2004?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2024-2004 - LOW Severity | CVSS 3.5

Vulnerability Description

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.

Related Vulnerabilities

CVE-2023-45715

LOW

CVSS:3.5(Low)

The console may experience a service interruption when processing file names with invalid characters.

CWE-4362023

CVE-2022-36048

MEDIUM

CVSS:4.3(Medium)

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview vi...

CWE-4362022

CVE-2023-22735

MEDIUM

CVSS:4.6(Medium)

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served ...

CWE-4362023

CVE-2023-30541

MEDIUM

CVSS:5.3(Medium)

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. ...

CWE-4362023

CVE-2024-3386

MEDIUM

CVSS:5.3(Medium)

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains t...

CWE-4362024

CVE-2025-24013

MEDIUM

CVSS:5.3(Medium)

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers w...

CWE-4362025