3.4

CVE-2024-11053

Exploit

When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has an entry that matches
the redirect target hostname but the entry either omits just the password or
omits both login and password.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Data is provided by the National Vulnerability Database (NVD)
HaxxCurl Version >= 7.76.0 < 8.11.1
NetappOntap Version9
NetappH610c Firmware Version-
   NetappH610c Version-
NetappH610s Firmware Version-
   NetappH610s Version-
NetappH615c Firmware Version-
   NetappH615c Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.29% 0.519
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.4 1.6 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
https://hackerone.com/reports/2829063
Third Party Advisory
Exploit
Issue Tracking