Cool bug 🪳
Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses in #curl results in indeterminate SSRF #vulnerabilities.
curl disclosed on HackerOne: Incorrect Type Conversion in...
## Summary: Octal Type Handling of Errors in IPv4 Mapped IPv6 Addresses in curl allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that...HackerOne
daniel:// stenberg://
in reply to Marco Ivaldi • • •