CVE-2024-11053

ADVISORY - nist

Summary

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

EPSS Score⁠: 0.00145 (0.358)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

ADVISORY - redhat

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.