CVE-2025-14524
bearer token leak on cross-protocol redirect
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP,
POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new
target host.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Produtos afetados
curl · curlQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →