Se méfier grandement des scores en question.
Cf un des dev core de CURL:
Bogus CVE follow-upsdaniel.haxx.seOn August 26 I posted details here on my blog about the bogus curl issue CVE-2020-19909. Luckily, it got a lot of attention and triggered discussions widely. Maybe I helped shed light on the brittleness of this system. This was not a unique instance and it was not the first time it happened. This has … Continue reading Bogus CVE follow-ups →