A vulnerability was found in curl. This issue occurs because when using its HTTP Strict Transport Security(HSTS) support, it can instruct curl to use HTTPS directly instead of using an insecure clear text HTTP step even when HTTP is provided in the URL. This flaw leads to a clear text transmission of sensitive information.
https://seclists.org/oss-sec/2022/q2/97 https://curl.se/docs/CVE-2022-30115.html https://github.com/curl/curl/commit/fae6fea209a2d4d https://github.com/curl/curl/commit/b27ad8e1d3e68e
Affected versions: curl 7.82.0 to and including 7.83.0 Not affected versions: curl < 7.82.0 and curl >= 7.83.1