curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-07-31T21:00:00
Updated: 2024-08-06T02:27:41.205Z
Reserved: 2016-10-12T00:00:00
Link: CVE-2016-8624
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-31T21:29:00.367
Modified: 2024-11-21T02:59:42.323
Link: CVE-2016-8624
Redhat