CVE-2024-11053

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-11053

CGA ID

Description

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

References

https://images.chainguard.dev/security/CGA-p536-wf68-h2rf
https://github.com/advisories/GHSA-h288-5fq8-5pfw
https://curl.se/docs/CVE-2024-11053.html
https://curl.se/docs/CVE-2024-11053.json
https://hackerone.com/reports/2829063
http://www.openwall.com/lists/oss-security/2024/12/11/1
https://security.alpinelinux.org/vuln/CVE-2024-11053
https://security-tracker.debian.org/tracker/CVE-2024-11053

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-11053

Description

References

Affected packages

Product

Why Chainguard

Customers

Company

Resources