216.73.217.80

CVE-2024-11053

· Published 11/12/2024 08:15 · Modified 15/12/2024 17:15

Labels: CVE-2024-11053 2024-12-112499f714-1537-4658-8207-48ae4bb9eae9CVE-2024-11053

Essential information

Published
11/12/2024 08:15
Modified
15/12/2024 17:15
Author
Creator
CVSS
3.4 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVSS metrics

Description

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
2499f714-1537-4658-8207-48ae4bb9eae9
NVD
View on NVD

References