Skip to main content


Cool bug 🪳

Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses in #curl results in indeterminate SSRF #vulnerabilities.

hackerone.com/reports/2493548

in reply to Marco Ivaldi

the only bug there is if someone is foolish enough to filter on such URLs ...
⇧