Re: [SECURITY ADVISORY] wcurl path traversal with percent-encoded slashes
From: Paul Gilmartin via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 4 Nov 2025 14:54:25 -0700
On 11/4/25 01:42, Daniel Stenberg via curl-users wrote:
> ...
> VULNERABILITY
> -------------
>
> URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into
> saving the output file outside of the current directory without the user
> explicitly asking for it.
> ...
Is there a similar threat if a maliciously crafted
site returns in a reply header a filename containing
a path level separator:
'/' for UNIX
'\' for Windows
':' for Mac Classic
etc.
-- gil

Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette: https://curl.se/mail/etiquette.html
Received on 2025-11-04
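The following is an added example, not part of the message above and not wcurl's own code: one way a shell script can derive a local file name from a URL so that the percent-encoded slashes described in the quoted advisory cannot move the output out of the current directory. The function names `decode_segment` and `safe_name_from_url` are hypothetical, and the URL is constructed.

```shell
#!/bin/sh
# Added example, not wcurl's code. Function names are hypothetical.

# Percent-decode $1, but keep %2F ("/") and %5C ("\") encoded so that
# decoding can never introduce a path separator into the file name.
# (A decoded NUL or newline is dropped by the command substitution.)
decode_segment() {
    in=$1
    out=
    while [ -n "$in" ]; do
        case $in in
            %2[Ff]*|%5[Cc]*)                  # encoded separator: copy as-is
                rest=${in#???}
                out=$out${in%"$rest"} ;;
            %[0-9A-Fa-f][0-9A-Fa-f]*)         # any other escape: decode it
                rest=${in#???}
                hex=${in%"$rest"}
                out=$out$(printf "\\$(printf '%03o' "0x${hex#%}")") ;;
            *)                                # ordinary character
                rest=${in#?}
                out=$out${in%"$rest"} ;;
        esac
        in=$rest
    done
    printf '%s' "$out"
}

# Print a safe local file name for URL $1; return 1 if none can be derived.
safe_name_from_url() {
    url=${1%%[?#]*}                 # drop query string and fragment
    rest=${url#*://}                # drop the scheme
    case $rest in
        */*) seg=${rest##*/} ;;     # last path segment
        *)   seg= ;;                # host only, no path
    esac
    name=$(decode_segment "$seg")
    case $name in
        ''|.|..|*/*|*\\*) return 1 ;;   # empty, dot names, or a raw separator
    esac
    printf '%s\n' "$name"
}

# Constructed sample: the encoded slashes stay encoded, so the result is a
# single file name in the current directory.
safe_name_from_url 'https://example.com/files/..%2F..%2Fnotes.txt'
```

The last `case` in `safe_name_from_url` only inspects the candidate name, so a name obtained from another source, such as a response header, can be passed through the same check before it is used as an output path.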