Description |
- |
curl's HSTS check could be bypassed to trick it to keep using HTTP by using a trailing dot in the hostname of the given URL while the HSTS cache was buillt without it or the other way around. |
+ |
A vulnerability was found in curl. This issue occurs because when using its HTTP Strict Transport Security(HSTS) support, it can instruct curl to use HTTPS directly instead of using an insecure clear text HTTP step even when HTTP is provided in the URL. This flaw leads to a clear text transmission of sensitive information. |
|