A security issue has been reported in cURL/libcURL, which can be exploited by malicious people to bypass certain security restrictions.
The security issue is caused by cURL following HTTP "Location:" redirects to URLs with other schemes, e.g. "scp://" or "file://". A malicious HTTP server can exploit this to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially crafted redirect URLs.
Successful exploitation requires that automatic redirection following is enabled.
The security issue is reported in versions 5.11 through 7.19.3.
Solution: Update to version 7.19.4 or apply patches.
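Where an application follows redirects itself, the scheme of each "Location:" value can be checked before the redirect is followed. The C function below is an added example, not code from cURL or from this advisory; the name redirect_allowed and the http/https allowlist are assumptions, and it assumes the original request was itself made over http or https.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Schemes a redirect may lead to (assumed policy for this example). */
static const char *const ALLOWED[] = { "http", "https" };

/* Case-insensitive match of the n-byte scheme at s against a lowercase literal. */
static int scheme_eq(const char *s, size_t n, const char *lit)
{
    if (strlen(lit) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != (unsigned char)lit[i]) return 0;
    return 1;
}

/* Returns 1 if the Location value may be followed, 0 if it must be refused. */
int redirect_allowed(const char *location)
{
    size_t n = 0;

    if (location == NULL) return 0;
    while (*location == ' ' || *location == '\t') location++;
    if (*location == '\0') return 0;

    /* RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), then ":" */
    if (isalpha((unsigned char)location[0])) {
        n = 1;
        while (isalnum((unsigned char)location[n]) || location[n] == '+' ||
               location[n] == '-' || location[n] == '.')
            n++;
    }
    if (n == 0 || location[n] != ':')
        return 1; /* relative reference: stays on the original http(s) scheme */
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (scheme_eq(location, n, ALLOWED[i])) return 1;
    return 0;     /* any other scheme, e.g. file:// or scp://, is refused */
}

int main(void)
{
    /* Constructed sample Location values. */
    const char *samples[] = { "https://example.org/a", "/next?x=a:b",
                              "file:///tmp/x", "SCP://host.example/path" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s %s\n", samples[i], redirect_allowed(samples[i]) ? "follow" : "refuse");
    return 0;
}
```

In libcurl 7.19.4 and later, the same restriction can be set on the handle with the CURLOPT_REDIR_PROTOCOLS option.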