curl: Cross‑origin cookies leak and injection risk when using a custom Host header
Summary When a custom hostname is specified, it is used for cookie matching if the cookie engine is also enabled for this transfer. This matching persists in cross-origin redirects despite that the originally supplied hostname is removed. cookiehost is set from a custom Host header: lib/http.c...