CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl thatare then passed back to more origins than what is otherwise allowed orpossible. This allows a site to set cookies that then would get sent todifferent and unrelated sites and domains. It could do this by exploiting a mixed ...

CVE-2023-46219

When saving HSTS data to an excessively long file name, curl could end upremoving all contents, making subsequent requests using that file unaware ofthe HSTS status they should otherwise use.