CVE-2022-27778: 
MySQL vulnerability analysis and mitigation

A use of incorrectly resolved name vulnerability (CVE-2022-27778) was discovered in curl version 7.83.0. The vulnerability occurs when using the --no-clobber option together with --remove-on-error option, which could result in removing the wrong file. This vulnerability was fixed in curl version 7.83.1 (Curl Advisory).

The vulnerability stems from the interaction between two command-line options in curl: --remove-on-error, which removes the output file when curl returns an error to avoid leaving partial files, and --no-clobber, which prevents overwriting existing files by appending a number to create a new filename. When these options are used together, if curl adds a number to avoid clobbering and an error occurs during transfer, the remove-on-error logic incorrectly removes the original filename without the added number (Curl Advisory).

The vulnerability could lead to the deletion of incorrect files when specific command-line options are used together. The CVSS v3.1 base score is 8.1 HIGH, with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H, indicating potential high impact on integrity and availability (NVD Database).

The vulnerability was fixed in curl version 7.83.1. Users are recommended to either upgrade to version 7.83.1 or later, apply the patch to their local version, or avoid using --no-clobber with --remove-on-error (Curl Advisory).