
7 months ago

@[email protected] Nice find. I don’t know how curl defines a vulnerability, but it definitely should have more warnings and preferably fail closed, although that might break quite a few systems which depend on this insecure behaviour.
@[email protected] uh what? That explanation makes it sound worse, not better.
Even if it requires that the attacker MITM the connection so PR is high… looking at it, how can they claim an RCE has Low impact to CIA?