Approved

cURL vulnerability - CVE-2023-38545

This is a live discover query.

with file_list as (
select spj.cmd_line, sfj.path, sfj.file
from sophos_file_journal as sfj
join sophos_process_journal as spj
on spj.sophos_pid = sfj.sophos_pid
where sfj.subject = "FileBinaryReads"
and sfj.event_type = 9
and sfj.file like '%libcurl%'
)
select * from file_list join file as osqfile on osqfile.path = file_list.path where osqfile.file_version not like '8.4%'

See the original discussion thread here