## Summary: The fix for CVE-2024-11053 seems to be incomplete.The information leak problem could be reproduced again if use netrc in step1. ## Affected version all ## Steps To Reproduce: 1. Adapt test479 to use netrc like below(both of user and password are not provided for b.com): machine a.com login alice password alicespassword default 2.Run test479 3. The test would fail because alice and alicepassword were used for b.com. I used the latest version curl 8.11.1 but the problem still exists.I'm not sure if this is expected.Please point it out if i'm wrong. ## Impact ## Summary: Sensitive information disclosure.

Related CVEs

Associated Common Vulnerabilities and Exposures

CVE-2024-11053 UNKNOWN

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname …

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

LLM06: Sensitive Information Disclosure