VDB
GCVE-110-MAGEIA-2024-391
GCVE-110-MAGEIA-2024-391
Advisory Published
When asked to both use a .netrc file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has an entry that
matches the redirect target hostname but the entry either omits just the
password or omits both login and password.
This update fixes this logic to avoid sending a password to the wrong
host.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | curl | 0 (affected), 7.88.1-4.5.mga9 (unaffected) | — |
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.