#curl 8.5.0 is out. This release fixes CVE-2023-46218, a #vulnerability that may allow remote sites to bypass the cookie domain Public Suffix List protection and issue supercookies. Advisory: https://curl.se/docs/CVE-2023-46218.html My HackerOne report: https://hackerone.com/reports/2212193
curl disclosed on HackerOne: CVE-2023-46218: cookie mixed case PSL...
## Summary: libcurl fails to normalize the `hostname` and `cookie_domain` parameters passed to `psl_is_cookie_domain_acceptable` function. As a result a malicious site can set a super cookie if the...HackerOne