
15 matches found

Hacker One
added 2026/05/28 3:28 a.m., 15 views

curl: CURLOPT_COOKIE leaked to cross-origin redirect target — CURLOPT_UNRESTRICTED_AUTH bypass for the STRING_COOKIE path

Summary: http_cookies() at lib/http.c:2532-2534 appends the value of CURLOPT_COOKIE (the cookie supplied via -b) to outgoing Cookie: headers without invoking Curl_auth_allowed_to_host. As a result, when CURLOPT_FOLLOWLOCATION is enabled and the initial origin issues a cross-origin redirect (open redirector),...

CVSS 5.7, AI score 6.7, EPSS 0.01595
Exploits: 1
Hacker One
added 2026/05/20 1:40 a.m., 35 views

curl: curl cross-origin HTTPS redirect reuses TLS client certificate for unintended second-origin mTLS authentication

Summary: When curl follows an HTTPS redirect to a different origin under normal -L / CURLOPT_FOLLOWLOCATION behavior, it still presents the configured TLS client certificate to the redirected-to HTTPS server. This happens without --location-trusted / CURLOPT_UNRESTRICTED_AUTH, even though curl alrea...

AI score 5.4
Exploits: 0
Github Security Blog
added 2026/05/05 9:49 p.m., 10 views

AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

Summary: An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts (e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses). When any other user, including a second account owned by the same attacker,...

CVSS 5.4, AI score 6, EPSS 0.00165
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/05/05 9:49 p.m., 5 views

GHSA-WP38-WHX3-XFFH AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

Summary: An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts (e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses). When any other user, including a second account owned by the same attacker,...

CVSS 5.4, AI score 6, EPSS 0.00165
Exploits: 0, References: 4
OSV
added 2026/03/20 2:23 p.m., 5 views

OESA-2026-1639 cpp-httplib security update

A C++11 single-file header-only cross-platform HTTP/HTTPS library. It's extremely easy to set up. Just include the httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to version 0.37.1, when a cpp-httplib client uses the...

CVSS 8.7, AI score 5.6, EPSS 0.00453
Exploits: 2, References: 3
SUSE CVE
added 2026/03/17 12:24 a.m., 3 views

SUSE CVE-2026-32627

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

CVSS 8.7, AI score 5.6, EPSS 0.00179
Exploits: 1, References: 3
NVD
added 2026/03/16 2:19 p.m., 5 views

CVE-2026-32627

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

CVSS 8.7, EPSS 0.00179
Exploits: 1, References: 1
OSV
added 2026/03/16 2:19 p.m., 3 views

DEBIAN-CVE-2026-32627

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

CVSS 8.1, AI score 5.4, EPSS 0.00179
Exploits: 1, References: 1
Snyk
added 2026/03/13 10:41 p.m., 8 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to the handling of HTTPS redirects when a proxy is configured and set_follow_location is enabled. An attacker can intercept sensitive information by presenting a forged, expired, or self-signed...

CVSS 9.1, AI score 5.9, EPSS 0.00179
Exploits: 1, References: 2
EUVD
added 2026/03/13 8:48 p.m., 7 views

EUVD-2026-12137

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

CVSS 8.7, AI score 5.6, EPSS 0.00179
Exploits: 1, References: 1
ATTACKERKB
added 2026/03/13 8:48 p.m., 7 views

CVE-2026-32627

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

CVSS 8.7, AI score 5.6, EPSS 0.00179
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/03/13 8:48 p.m., 7 views

CVE-2026-32627 cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

CVSS 8.7, AI score 5.6, EPSS 0.00179
Exploits: 1, References: 1
CNNVD
added 2026/03/13 12:00 a.m., 5 views

cpp-httplib Trust Management Vulnerability

cpp-httplib is a C++ library developed by Yhirose, designed for HTTP/HTTPS servers and clients. Prior to version 0.37.2 of cpp-httplib, there was a vulnerability related to trust management. This vulnerability occurred when a client configured a proxy and enabled set_follow_location, causing TLS...

CVSS 8.7, AI score 5.8, EPSS 0.00179
Exploits: 1, References: 2
Packet Storm
added 2014/11/29 12:00 a.m., 59 views

WordPress 4.0 Denial Of Service

$argv[2], 'pwd' => str_repeat("A", 1000000), 'redirect_to' => $argv[1] . "/wp-admin/", 'reauth' => 1, 'testcookie' => '1', 'wp-submit' => "Log%20In"); $cookieFiles = "cookie.txt"; curl_setopt_array($ch, array(CURLOPT_HEADER => 1, CURLOPT_USERAGENT => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6...

CVSS 5, AI score 0.2, EPSS 0.83162
Exploits: 7
OSV
added 2009/03/05 2:30 a.m., 2 views

DEBIAN-CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file:...

CVSS 6.8, AI score 7.4, EPSS 0.07812
Exploits: 2, References: 1