curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: [SECURITY ADVISORY] curl: overwrite local file with -J

From: Alexandre Pion via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 24 Jun 2020 10:59:06 +0200 (CEST)

> curl can be tricked my a malicious server to overwrite a local file when
> using
> `-J` (`--remote-header-name`) and `-i` (`--head`) in the same command line.

`-i` isn't the short option for --include ?
https://curl.haxx.se/docs/manpage.html#-i
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-06-24

This message: [ Message body ]
Next message: Daniel Stenberg via curl-library: "Re: [SECURITY ADVISORY] curl: overwrite local file with -J"
Previous message: Alexandre Pion via curl-library: "Re: [SECURITY ADVISORY] curl: overwrite local file with -J"
In reply to: Alexandre Pion via curl-library: "Re: [SECURITY ADVISORY] curl: overwrite local file with -J"
Next in thread: Daniel Stenberg via curl-library: "Re: [SECURITY ADVISORY] curl: overwrite local file with -J"
Reply: Daniel Stenberg via curl-library: "Re: [SECURITY ADVISORY] curl: overwrite local file with -J"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]