Post by daniel:// stenberg://

We got this "HIGH security problem" reported for #curl earlier today:

"The -o / --output parameter in cURL does not restrict or sanitize file paths. When passed relative traversal sequences (e.g., ../../), cURL writes files outside the current working directory, allowing arbitrary file overwrite. In automated or privileged environments (CI/CD, root containers), this leads to Remote Code Execution (RCE), privilege escalation, and supply chain risk."

Never a dull moment.

Edited 4d ago

1 1 4 View Post & Replies See Original

Same user followed up with a second severity HIGH security problem.

"The --capath option in cURL and CURLOPT_CAPATH in libcurl accept any directory path without validation. If an attacker provides a custom CA path containing a fake root certificate, cURL will trust malicious HTTPS endpoints signed with that fake root."

I'm fortunate to get to work with the best people 🤠

0 0 2 View Post & Replies See Original