Vulnerability identifier: #VU51821
Vulnerability risk: Medium
Exploitation vector: Network
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to libcurl does not strip off user credentials from the URL when automatically populating the
HTTP request header field in outgoing HTTP requests and therefore
risks leaking sensitive data to the server that is the target of the
second HTTP request.
Install updates from vendor's website.
Vulnerable software versions
cURL: 7.1 - 7.75.0
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?