CVE-2024-11053

Date: December 11, 2024

A flaw was found in curl. When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. The flaw only manifests if the `.netrc` file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. Affected versions: curl 6.5 up to and including 8.11.0.
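To check whether a given `.netrc` contains entries of the shape described above (no password, with or without a login), the following added example lists them; it is not code from curl or from this advisory, the function name `incomplete_netrc_entries` is hypothetical, and it assumes unquoted, whitespace-separated values. It reports the file's shape only and says nothing about the installed curl version.

```python
# Added example (not curl code): find .netrc entries that lack a password.
# Simplification (assumption): values are unquoted, whitespace-separated tokens.
def incomplete_netrc_entries(text):
    """Return [(host, has_login)] for machine/default entries with no password."""
    tokens, in_macro = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if in_macro:
            in_macro = bool(stripped)  # a macdef body ends at the first blank line
            continue
        if stripped.startswith("#"):
            continue
        words = stripped.split()
        if "macdef" in words:
            words = words[:words.index("macdef")]
            in_macro = True
        tokens.extend(words)

    entries, current, i = [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "machine" and i + 1 < len(tokens):
            current = {"host": tokens[i + 1], "login": False, "password": False}
            entries.append(current)
            i += 2
        elif tok == "default":
            current = {"host": "default", "login": False, "password": False}
            entries.append(current)
            i += 1
        elif tok in ("login", "password", "account") and i + 1 < len(tokens):
            if current is not None and tok != "account":
                current[tok] = True
            i += 2  # skip the value so it is never read as a keyword
        else:
            i += 1
    return [(e["host"], e["login"]) for e in entries if not e["password"]]

# Constructed sample input; hosts and credentials are placeholders.
SAMPLE = """\
# constructed sample
machine a.example login alice password s3cret
machine b.example login bob
machine c.example
default login anonymous password guest
"""

if __name__ == "__main__":
    for host, has_login in incomplete_netrc_entries(SAMPLE):
        print(f"{host}: no password ({'login only' if has_login else 'no login'})")
```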

Language: C

Severity Score

Top Fix

Upgrade Version

Upgrade to version https://github.com/curl/curl.git - curl-8_11_1

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE
