AZL-25810 CVE-2023-27534 affecting package rust for versions less than 1.72.0-2

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

HTTP Proxy deny use after free

curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struc...