11 matches found
JLSEC-2026-437 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a...
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
Curl 7.33.0 < 8.19.0 Token Leak with Redirect and Netrc
The version of curl installed on the remote host is 7.33.0 prior to 8.19.0. It is, therefore, affected by a token leak with redirect and netrc vulnerability: - When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that...
SUSE CVE-2026-3783
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
EUVD-2026-11138
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
ALPINE-CVE-2026-3783
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
CVE-2026-3783 token leak with redirect and netrc
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
CVE-2026-3783
CVE-2026-3783 affects curl: when using an OAuth2 bearer token for an HTTP(S) transfer that is redirected to a second URL, curl may leak the first host’s bearer token to the second host if the redirected-to hostname has .netrc machine/default entries. This is a token leakage vulnerability tied to ...
CVE-2026-3783
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
Linux Distros Unpatched Vulnerability : CVE-2026-3783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second...
CVE-2026-26331 yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
EUVD-2026-7408
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...