7.21.1

DATE	CVE	VULNERABILITY TITLE	RISK
2012-04-13	CVE-2012-0036	SQL Injection vulnerability in Curl and Libcurl curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. network low complexity curl CWE-89	7.5
2011-07-07	CVE-2011-2192	Credentials Management vulnerability in multiple products The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. network curl haxx apple fedoraproject debian canonical CWE-255	4.3