
46 matches found

Prion
added 2023/02/23 8:15 p.m., 24 views

Design/Logic Flaw

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.4 CVSS, 7.3 AI score, 0.00861 EPSS
Exploits 0, References 3, Affected Software 2
Debian CVE
added 2023/02/23 12:0 a.m., 55 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS, 5.9 AI score, 0.00861 EPSS
Exploits 0
OSV
added 2023/02/15 8:0 a.m., 23 views

CURL-CVE-2023-23915 HSTS amnesia with --parallel

curl's HSTS cache saving behaves wrongly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when...

6.5 CVSS, 6.6 AI score, 0.00861 EPSS
Exploits 0
Hacker One
added 2022/12/21 12:48 p.m., 58 views

curl: CVE-2023-23915: HSTS amnesia with --parallel

HSTS cache entries were overwritten by curl when requests were made in parallel, resulting in only one site being protected by TLS and the others being vulnerable to loss of confidentiality and integrity...

6.5 CVSS, 6.6 AI score, 0.00861 EPSS
Exploits 0
Hacker One
added 2016/03/24 1:38 a.m., 14 views

HackerOne: Hogging up all the resources on hackerone.com

Please note. I believe that some of the issues described below can also be used on their own and/or combined in other configurations to achieve different results, e.g. "paying" a bounty of zero or team avoiding to resolve an unpleasant issue. I am however describing the very likely doomsday...

6.9 AI score
Exploits 0
Fedora
added 2015/08/27 6:33 p.m., 51 views

[SECURITY] Fedora 22 Update: php-guzzle-Guzzle-3.9.3-5.fc22

Guzzle takes the pain out of sending HTTP requests and the redundancy out of creating web service clients. Guzzle is a framework that includes the tools needed to create a robust web service client, including: Service descriptions for defining the inputs and outputs of an API, resource iterators...

6.8 CVSS, 8.7 AI score, 0.09911 EPSS
Exploits 7