
8 months ago
@harrysintonen@infosec.exchange nice find, I don’t know how curl defines a vulnerability, but it definitely should have more warnings and preferably fail closed, although that might break quite a few systems which depend on this insecure behaviour
@harrysintonen@infosec.exchange uh what? That explanation makes it sound worse, not better.
Even if it requires that the attacker MITM the connection so PR is high… looking at it, how can they claim an RCE has Low impact to CIA?