2 matches found
curl: Inconsistent Rejection Logic in file:// URLs with Authority
curl's file:// protocol handler inconsistently applies path sanitization. It rejects file://../ as "Bad File:// URL" but allows the same traversal when an authority/host (e.g., localhost) is present: file://localhost/../. This inconsistency misleads developers who rely on the bad file:// URL error for...
curl: Path Traversal in file:// protocol allows Arbitrary File Read
Summary: The file:// protocol handler in curl does not properly sanitise or block path traversal sequences (../). This allows a maliciously crafted file:// URL to escape the intended directory and access arbitrary files on the filesystem with the permissions of the user running curl. When curl is...