Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
netrc and default credential leak
Vulnerability Description
When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
curl 安全漏洞
Vulnerability Description
curl是cURL开源的一款用于从服务器传输数据或向服务器传输数据的工具。 curl 7.76.0至8.11.1版本存在安全漏洞,该漏洞源于在使用.netrc文件并跟随HTTP重定向时,在某些情况下可能将密码泄露到重定向的目标主机。
CVSS Information
N/A
Vulnerability Type
N/A