#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here:
#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here:
#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here: https://sintonen.fi/advisories/curl-ssh-insufficient-host-identity-verification.txt
#infosec #cybersecurity #nocve
You're viewing a single thread.
5 comments
Are there any good curl forks?
@[email protected] Curl will likely address this eventually even though they don't consider it a vulnerability. See https://github.com/curl/curl/issues/16197