]> git.ipfire.org Git - thirdparty/curl.git/commit
projects / thirdparty / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f1dbe68) | patch
libcurl/opts: do not save files in dirs where attackers have access
authorDaniel Stenberg <daniel@haxx.se>
Sun, 19 Jan 2025 11:35:39 +0000 (12:35 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 20 Jan 2025 09:34:37 +0000 (10:34 +0100)
commit0f54bfd8039be44bf6106656c1b3fdff786196ab
tree2b7a7d0770b6153546d57167e4f65837172c8579tree | snapshot
parentf1dbe68172604f91978847ad1b4656b001470d80commit | diff
libcurl/opts: do not save files in dirs where attackers have access

libcurl cannot fully protect against attacks where an attacker has write
access to the same directory where it is directed to save files. This is
particularly sensitive if you save files using elevated privileges.

Previously only mentioned in VULN-DISCLOSURE-POLICY.md.

Highlighted-by: Donguk Kim
Closes #16051
docs/libcurl/opts/CURLOPT_ALTSVC.md diff | blob | blame | history
docs/libcurl/opts/CURLOPT_COOKIEFILE.md diff | blob | blame | history
docs/libcurl/opts/CURLOPT_COOKIEJAR.md diff | blob | blame | history
docs/libcurl/opts/CURLOPT_HSTS.md diff | blob | blame | history
Mirror of https://github.com/curl/curl.git