Lucene search
K

14 matches found

OSV
OSV
added 2026/05/04 1:12 p.m.8 views

JLSEC-2026-437 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a...

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

5.3CVSS7.1AI score0.00333EPSS
Exploits1References6
Snyk
Snyk
added 2026/01/08 10:45 a.m.3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials during the cross-protocol redirect when OAuth2 bearer is used and username component is set in redirect-to URL. An attacker can obtain sensitive authentication credentials by triggering a...

6.5CVSS6.6AI score0.00611EPSS
Exploits1References2
OSV
OSV
added 2026/01/06 7:0 a.m.4 views

UBUNTU-CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.1AI score0.00611EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/04 10:28 p.m.7 views

Malicious code in oauth2-bearer (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3aa2d2499cf414a068a46af982e2179810f9ca6fe985bc099dec22b8dc75469 Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
OSV
OSV
added 2025/07/04 10:28 p.m.3 views

MAL-2025-5711 Malicious code in oauth2-bearer (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3aa2d2499cf414a068a46af982e2179810f9ca6fe985bc099dec22b8dc75469 Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
Oracle linux
Oracle linux
added 2022/11/22 12:0 a.m.37 views

curl security update

7.76.1-19 - fix unpreserved file permissions CVE-2022-32207 - fix HTTP compression denial of service CVE-2022-32206 - fix FTP-KRB bad message verification CVE-2022-32208 7.76.1-18 - fix too eager reuse of TLS and SSH connections CVE-2022-27782 7.76.1-17 - fix leak of SRP credentials in redirects...

9.8CVSS0.1AI score0.3197EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.71 views

RHEL 8 : curl (RHSA-2022:5313)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5313 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

8.1CVSS7AI score0.03425EPSS
Exploits4References11
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.61 views

RHEL 9 : curl (RHSA-2022:5245)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5245 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

8.1CVSS7AI score0.03425EPSS
Exploits4References11
OSV
OSV
added 2022/06/30 12:0 a.m.34 views

ALSA-2022:5313 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl:...

8.1CVSS7.4AI score0.03425EPSS
Exploits4References10
OSV
OSV
added 2022/05/02 7:44 p.m.7 views

MGASA-2022-0159 Updated curl packages fix security vulnerability

OAUTH2 bearer bypass in connection re-use. CVE-2022-22576 Credential leak on redirect. CVE-2022-27774 Bad local IPv6 connection reuse. CVE-2022-27775 Auth/cookie leak on redirect. CVE-2022-27776...

8.1CVSS6.4AI score0.03425EPSS
Exploits4References7
Slackware Linux
Slackware Linux
added 2022/04/27 9:48 p.m.52 views

[slackware-security] curl

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.83.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: OAUTH2 bearer bypass in connection...

8.1CVSS0.3AI score0.03425EPSS
Exploits4
Hacker One
Hacker One
added 2022/04/27 4:16 p.m.85 views

Internet Bug Bounty: OAUTH2 bearer not-checked for connection re-use

libcurl might reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protcols: SMTPS, IMAPS, POP3S and LDAPS openldap only. libcurl maintains a pool of connections afte...

5.5CVSS8.1AI score0.01914EPSS
Exploits1
OSV
OSV
added 2022/04/27 8:0 a.m.9 views

CURL-CVE-2022-22576 OAUTH2 bearer bypass in connection reuse

libcurl might reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTPS, IMAPS, POP3S and LDAPS OpenLDAP only. libcurl maintains a pool of live connection...

8.1CVSS6.7AI score0.01914EPSS
Exploits1
curl security advisories
curl security advisories
added 2022/04/27 8:0 a.m.8 views

OAUTH2 bearer bypass in connection reuse

libcurl might reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTPS, IMAPS, POP3S and LDAPS OpenLDAP only. libcurl maintains a pool of live connection...

8.1CVSS6.4AI score0.01914EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder