2 matches found
libcurl 7.10.6 < 8.21.0 Cross-Origin Digest Auth State Leak
The version of libcurl installed on the remote host is 7.10.6 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - Successfully using libcurl with Digest authentication and then changing the origin to a different host for a second transfer, reusing the same...
EUVD-2026-29928
Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...