QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-11053

Back to search

CVE-2024-11053

Published: Dec 11, 2024

Modified: Nov 3, 2025

PUBLISHED

Description

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

VendorProductVersions

curl

curl

affected
8.11.0 - <= 8.11.0
affected
8.10.1 - <= 8.10.1
affected
8.10.0 - <= 8.10.0
affected
8.9.1 - <= 8.9.1
affected
8.9.0 - <= 8.9.0

+192 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now