this post was submitted on 05 Feb 2025
14 points (100.0% liked)

Cybersecurity

12 readers
60 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

founded 2 years ago
MODERATORS
shellsharks@fedia.io
tweedge@fedia.io
14
#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here: (infosec.exchange)
submitted 2 months ago by harrysintonen@infosec.exchange to c/cybersecurity@fedia.io
5 comments fedilink hide all child comments
 

#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here: https://sintonen.fi/advisories/curl-ssh-insufficient-host-identity-verification.txt

#infosec #cybersecurity #nocve

you are viewing a single comment's thread
view the rest of the comments
[โ€“] SatyrSack@feddit.org 2 points 2 months ago (1 children)

Are there any good curl forks?

[โ€“] harrysintonen@infosec.exchange 2 points 2 months ago

@SatyrSack@feddit.org Curl will likely address this eventually even though they don't consider it a vulnerability. See https://github.com/curl/curl/issues/16197