this post was submitted on 05 Feb 2025
10 points (100.0% liked)

Cybersecurity

10 readers
1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

founded 2 years ago
MODERATORS
shellsharks@fedia.io
tweedge@fedia.io
10
#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability , but the project disagree (infosec.exchange)
submitted 1 month ago by harrysintonen@infosec.exchange to c/cybersecurity@fedia.io
4 comments fedilink hide all child comments
 

#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here: https://sintonen.fi/advisories/curl-ssh-insufficient-host-identity-verification.txt

#infosec #cybersecurity #nocve

you are viewing a single comment's thread
view the rest of the comments
[–] harrysintonen@infosec.exchange 3 points 1 month ago

The latest curl version 8.12.0 (released today) is affected.