Description |
An issue has been found in curl from 7.20.0 up to and including 7.70.0: a malicious server can trick curl into overwriting a local file when -J (--remote-header-name) and -i (--head) are used in the same command line. curl -J does not work together with -i, and there is a check that prevents the combination from being used. The check was flawed and could be circumvented, with the effect that a server that provides a file name in a Content-Disposition: header could overwrite a local file, since the check for an existing local file was done in the code for receiving a body – as -i wasn’t supposed to work |