curl: Malicious server forces .curlrc creation via curl -OJ leading to local file exfiltration

Summary: When a user runs curl -OJ , a malicious server can force the response to be saved as .curlrc in the working directory. If the user executes the download from their home directory a common workflow, the attacker overwrites /.curlrc. Subsequent curl invocations automatically load this...