VDB

GCVE-110-MAGEIA-2024-391

GCVE-110-MAGEIA-2024-391
Advisory Published
Vulnetix · Advisory published December 17, 2024
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. This update fixes this logic to avoid sending a password to the wrong host.

Affected Products

VendorProductVersionsPlatforms
Mageiacurl0 (affected), 7.88.1-4.5.mga9 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›