4 matches found
CVE-2026-33752
curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...
CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)
curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...
curl_cffi bundles a version of libcurl affected by High Severity vulnerability
Summary curlcffi is potentially affected by High Severity vulnerability CVE-2023-38545 in libcurl=8.5, which is not affected by this issue...
GHSA-3VPC-4P9P-47HC curl_cffi bundles a version of libcurl affected by High Severity vulnerability
Summary curlcffi is potentially affected by High Severity vulnerability CVE-2023-38545 in libcurl=8.5, which is not affected by this issue...