CVE-2024-11053 — Vulnetix

CVE-2024-11053 PUBLISHED

EPSS 1.40% · 80.8th percentile

Risk Scores

EPSS Score

1.40%

80.8th percentile

Affected Products

Vendor	Product	Versions
Amazon	curl

Exploit Intelligence

Credentials forwarded to HTTP after HTTPS→HTTP same-port redirect — url_set_data_creds uses scheme-blind comparator (hackerone)
Credentials forwarded to HTTP after HTTPS→HTTP same-port redirect — url_set_data_creds uses scheme-blind comparator (hackerone)
Credentials forwarded to HTTP after HTTPS→HTTP same-port redirect — url_set_data_creds uses scheme-blind comparator (hackerone)
CVE-2025-0167: netrc and default credential leak (hackerone)
CVE-2025-0167: netrc and default credential leak (hackerone)
netrc and redirect credential leak (hackerone)
CVE-2024-11053: netrc + redirect credential leak (hackerone)
CVE-2025-0167: netrc and default credential leak (hackerone)
netrc and redirect credential leak (hackerone)
CVE-2024-11053: netrc + redirect credential leak (hackerone)

…and 31 more exploits

Timeline

CVE Published
Jan 21, 1970 Nuclei Template
Jan 21, 1970 Fix Commit
Dec 11, 2024 PoC Published
Dec 12, 2024 EPSS Score
Dec 29, 2024 EPSS Score
Jan 15, 2025 PoC Published
Jan 29, 2025 Coalition ESS Score
Jan 31, 2025 EPSS Score
Feb 5, 2025 Coalition ESS Score
Feb 6, 2025 Coalition ESS Score
Feb 7, 2025 PoC Published

References

ALAS2023-2025-1351: curl (medium) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›