Hi friends,
Every now and then we get security problems reported to us that are really
just various types of attacks you can do if you can either A) modify the url
your curl application is using and/or B) have a server respond with a
perfectly fine protocol-wise but malicious response to curl.
Letting users freely set the URL, or parts of the URL, for your curl-using
application can get consequences.
I've started to document exactly what consequences and how:
https://gist.github.com/bagder/c22b31fab3bf9e21ff82f872bd5bd372#file-urls-in-curl-md
I'm interested in feedback and help in polishing it up to actually be helpful.
--
/ daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
