On Tue, Feb 06, 2018 at 08:24:41AM +0100, Daniel Stenberg wrote:
> Every now and then we get security problems reported to us that are really
> just various types of attacks you can do if you can either A) modify the url
> your curl application is using and/or B) have a server respond with a
> perfectly fine protocol-wise but malicious response to curl.
>
> Letting users freely set the URL, or parts of the URL, for your curl-using
> application can get consequences.
>
> I've started to document exactly what consequences and how:

There looks like a large degree of overlap with
https://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Security
Perhaps that document could be expanded instead of duplicating the info.