#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered.
It is a logic flaw in the way curl parses .netrc file. In certain situations, the configured password can be sent to a incorrect host. Luckily the affected configurations should be quite rare and thus the situation is unlikely to occur often.
The issue has existed in the curl source code for almost twenty-five years.
• https://curl.se/docs/CVE-2024-11053.html
• https://hackerone.com/reports/2829063
No AI tools were used in discovering or reporting the vulnerability.
#noai #handcrafted #infosec #cybersecurity
You must log in or register to comment.