AZL-54155 CVE-2024-11053 affecting package curl for versions less than 8.8.0-4

🗓️ 11 Dec 2024 08:15:05Reported by GoogleType

osv🔗 osv.dev👁 2 Views

Curl can leak the first host password across redirects when a netrc entry for the redirect hostname omits login or password (CVE-2024-11053, affected versions below 8.8.0-4).

Reporter	Title	Published	Views	Family All 205
IBM Security Bulletins	Security Bulletin: Security vulnerabilities affect multiple packages shipped with IBM CICS TX Advanced.	28 Apr 202510:33	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to sensitive information disclosure (CVE-2025-0167, CVE-2024-11053) and a denial of service (CVE-2024-9681) due to cURL libcurl	10 Jun 202514:37	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.	26 May 202606:45	–	ibm
Tenable Nessus	Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2025-1351)	8 Jan 202600:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0038: mysql:8.0 (ALINUX3-SA-2025:0038)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : mysql (ALSA-2025:1671)	21 Feb 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : mysql:8.0 (ALSA-2025:1673)	20 Feb 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: cmake / curl / mysql (CVE-2024-11053)	10 Feb 202500:00	–	nessus
Tenable Nessus	Curl 7.76.0 < 8.11.1 Information Disclosure (CVE-2024-11053)	12 Dec 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1289)	20 Mar 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-11053

21 Apr 2026 04:35Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.13.4

EPSS0.01399

SSVC