Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Warning: using file:// on Windows with curl

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 17 Mar 2020 09:08:39 +0100 (CET)

On Mon, 16 Mar 2020, Daniel Stenberg via curl-users wrote:

> When first realizing this, the curl team tried to filter out such attempts
> in order to protect applications for inadvertent probes of for example
> internal networks etc. This resulted in CVE-2019-15601 and the associated
> security fix.

Due to this, I'm going to backpedal further on CVE-2019-15601 and no longer
list it on the site as a security problem on the security page [1] and the
page listing previous vulnerabilities [2]. (I'll commit that change in a
minute so the change will take affect within the hour.)

The page describing CVE-2019-15601 [3] will remain on the site for reference
and historical reasons.

I need to come up with a place to link to it so that it can be found. Perhaps
a new section for "redacted security problems" - which ideally should never
get another entry added to it.

[1] = https://curl.haxx.se/docs/security.html
[2] = https://curl.haxx.se/docs/vulnerabilities.html
[3] = https://curl.haxx.se/docs/CVE-2019-15601.html 

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2020-03-17