CVE-2023-23914: curl HSTS ignored on multiple requests

Disclosed: 2023-02-15 09:06:16 By nyymi To curl
Low
Vulnerability Details
## Summary:
curl tool HSTS doesn't work correctly when performing multiple requests within a single invocation.

## Steps To Reproduce:
1. `curl --hsts "" https://hsts.example.com http://hsts.example.com`

The second request will be performed over HTTP regardless if correct HSTS header is returned by the first request.

## Impact
Request performed over insecure channels unexpectedly and loss of confidentiality and integrity.
Report Stats
  • Report ID: 1813864
  • State: Closed
  • Substate: resolved
  • Upvotes: 6
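
The check below is an added example, not part of the original report and not curl's code. It models the RFC 6797 client behaviour the report expects (HSTS state learned from one transfer applies to the next in the same session) and flags transfers that stayed on `http://` anyway. The function names, the `SAMPLE` transfers and the `OBSERVED` URLs are constructed for illustration; `OBSERVED` stands for whatever URLs you recorded the client actually using, for example from a proxy log.

```python
from urllib.parse import urlsplit

def parse_sts(value):
    """Parse a Strict-Transport-Security value -> (max_age, include_subdomains) or None."""
    max_age, subdomains = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None          # malformed max-age: ignore the whole header
            max_age = int(arg)
        elif name == "includesubdomains":
            subdomains = True
    return None if max_age is None else (max_age, subdomains)

def covered(cache, host):
    """True if host is a known HSTS host, or a parent domain set includeSubDomains."""
    labels = host.split(".")
    names = [".".join(labels[i:]) for i in range(len(labels))]
    return any(n in cache and (i == 0 or cache[n]) for i, n in enumerate(names))

def expected_urls(transfers):
    """transfers: ordered (requested_url, sts_header_or_None) pairs from one session.
    Returns the URL each transfer should use when HSTS state carries forward."""
    cache, out = {}, []               # cache: host -> includeSubDomains flag
    for url, sts in transfers:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        if parts.scheme == "http" and covered(cache, host):
            netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
            parts = parts._replace(scheme="https", netloc=netloc)
        out.append(parts.geturl())
        policy = parse_sts(sts) if sts and parts.scheme == "https" else None
        if policy:                    # headers seen over plain HTTP are ignored
            if policy[0] == 0:
                cache.pop(host, None)  # max-age=0 clears the entry
            else:
                cache[host] = policy[1]
    return out

def downgrades(transfers, observed):
    """Pairs (expected, observed) where the client stayed on http:// despite HSTS."""
    return [(e, o) for e, o in zip(expected_urls(transfers), observed)
            if e.startswith("https://") and o.startswith("http://")]

# Constructed sample mirroring the report's two-URL invocation.
SAMPLE = [("https://hsts.example.com", "max-age=31536000"),
          ("http://hsts.example.com", None)]
OBSERVED = ["https://hsts.example.com/", "http://hsts.example.com/"]
```

`downgrades(SAMPLE, OBSERVED)` returns one pair for the second transfer, which is the condition the report describes; an empty list means every transfer that should have been upgraded was.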