11 matches found
CVE-2026-6429
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CVE-2026-6276
CVE-2026-6276 affects libcurl: if a custom Host header is initially set for an HTTP request and a subsequent request on the same easy handle is made without the Host header, the second request can reuse stale host information and leak cookies intended for the first host. The issue manifests as a ...
JLSEC-2026-413 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could...
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...
PT-2026-35896
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description When configured to use a .netrc file for credentials and to follow HTTP redirects, libcurl may leak the password used for the initial host to the subsequent host during the redirect process...
EUVD-2026-11138
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
CURL-CVE-2026-3783 token leak with redirect and netrc
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
SUSE-SU-2025:20106-1 Security update for curl
This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances bsc1234068...
Security update for curl
This update for curl fixes the following issues: CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances bsc1234068 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...
USN-7162-1 curl vulnerability
Harry Sintonen discovered that curl incorrectly handled credentials from .netrc files when following HTTP redirects. In certain configurations, the password for the first host could be leaked to the followed-to host, contrary to expectations...
Security update for curl
This update for curl fixes the following issues: CVE-2024-11053: fixed password leak in curl used for the first host to the followed-to host under certain circumstances bsc1234068 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...
curl 安全漏洞
curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl that stems from the fact that it can, under certain circumstances, disclose the password used by the first host to subsequent hosts...