For details on the #curl PSL vulnerability, check out the #hackerone report. And if you use libpsl, double-check that your use is correct: hackerone.com/reports/2212193

Two mentioned projects in this report in particular should check their code.

curl disclosed on HackerOne: CVE-2023-46218: cookie mixed case PSL...

## Summary: libcurl fails to normalize the `hostname` and `cookie_domain` parameters passed to `psl_is_cookie_domain_acceptable` function. As a result a malicious site can set a super cookie if the...

^HackerOne