3 matches found
CVE-2025-0167 netrc and default credential leak
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...
CVE-2024-45340
A flaw was found in cmd/go. This vulnerability allows a malicious server to obtain credentials for unintended domains via improper segmentation of credentials by domain. By default, this issue primarily affects credentials stored in the user's .netrc file...
CVE-2024-11053 netrc and redirect credential leak
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...