CVE-2024-11053
When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
Tim Bastin detected CVE-2024-11053 with a risk of 1.55
System updated the risk assessment to 0.77
System recalculated raw risk assessment
System updated the risk assessment to 1.55
System recalculated raw risk assessment
System updated the risk assessment to 0.77
System recalculated raw risk assessment
System updated the risk assessment from 0.77 to 1.55
System recalculated raw risk assessment
System detected CVE-2024-11053 with scanner: container-scanning github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning
System fixed CVE-2024-11053
System detected CVE-2024-11053 with a risk of 1.55
System fixed CVE-2024-11053
System detected CVE-2024-11053 with a risk of 1.55
System detected CVE-2024-11053 with scanner: container-scanning
Tim Bastin fixed CVE-2024-11053
Sebastian Kawelke updated the risk assessment from 1.55 to 1.14
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
Sebastian Kawelke updated the risk assessment from 1.14 to 1.95
Confidentiality Requirement updated: low -> high
Affected component
debian/curl