CVE-2024-11053

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-11053
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11053.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-11053
Aliases
Downstream
Related
Published
2024-12-11T08:15:05Z
Modified
2025-07-31T16:59:28.241289Z
Summary
[none]
Details

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

References

Affected packages

Alpine:v3.18 / curl

Package

Name
curl
Purl
pkg:apk/alpine/curl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.1-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
7.84.0-r0
7.84.0-r1
7.84.0-r2
7.85.0-r0
7.86.0-r0
7.86.0-r1
7.87.0-r0
7.87.0-r1
7.87.0-r2
7.87.0-r3
7.88.0-r0
7.88.0-r1
7.88.1-r0
7.88.1-r1

8.*

8.0.0-r0
8.0.1-r0
8.0.1-r1
8.0.1-r2
8.1.0-r0
8.1.0-r1
8.1.0-r2
8.1.1-r0
8.1.1-r1
8.1.2-r0
8.2.0-r0
8.2.0-r1
8.2.1-r0
8.3.0-r0
8.4.0-r0
8.5.0-r0
8.9.0-r0
8.9.1-r0
8.9.1-r1

Alpine:v3.19 / curl

Package

Name
curl
Purl
pkg:apk/alpine/curl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.1-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
7.84.0-r0
7.84.0-r1
7.84.0-r2
7.85.0-r0
7.86.0-r0
7.86.0-r1
7.87.0-r0
7.87.0-r1
7.87.0-r2
7.87.0-r3
7.88.0-r0
7.88.0-r1
7.88.1-r0
7.88.1-r1

8.*

8.0.0-r0
8.0.1-r0
8.0.1-r1
8.0.1-r2
8.0.1-r3
8.1.0-r0
8.1.0-r1
8.1.0-r2
8.1.0-r3
8.1.1-r0
8.1.1-r1
8.1.2-r0
8.1.2-r1
8.1.2-r2
8.2.0-r0
8.2.0-r1
8.2.1-r0
8.3.0-r0
8.3.0-r1
8.4.0-r0
8.5.0-r0
8.9.0-r0
8.9.1-r0
8.9.1-r1

Alpine:v3.20 / curl

Package

Name
curl
Purl
pkg:apk/alpine/curl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.1-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
7.84.0-r0
7.84.0-r1
7.84.0-r2
7.85.0-r0
7.86.0-r0
7.86.0-r1
7.87.0-r0
7.87.0-r1
7.87.0-r2
7.87.0-r3
7.88.0-r0
7.88.0-r1
7.88.1-r0
7.88.1-r1

8.*

8.0.0-r0
8.0.1-r0
8.0.1-r1
8.0.1-r2
8.0.1-r3
8.1.0-r0
8.1.0-r1
8.1.0-r2
8.1.0-r3
8.1.1-r0
8.1.1-r1
8.1.2-r0
8.1.2-r1
8.1.2-r2
8.2.0-r0
8.2.0-r1
8.2.1-r0
8.3.0-r0
8.3.0-r1
8.4.0-r0
8.5.0-r0
8.5.0-r1
8.6.0-r0
8.6.0-r1
8.7.1-r0
8.8.0-r0
8.9.0-r0
8.9.1-r0
8.9.1-r1
8.9.1-r2
8.10.0-r0
8.10.1-r0
8.11.0-r0
8.11.0-r1
8.11.0-r2

Alpine:v3.21 / curl

Package

Name
curl
Purl
pkg:apk/alpine/curl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.1-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
7.84.0-r0
7.84.0-r1
7.84.0-r2
7.85.0-r0
7.86.0-r0
7.86.0-r1
7.87.0-r0
7.87.0-r1
7.87.0-r2
7.87.0-r3
7.88.0-r0
7.88.0-r1
7.88.1-r0
7.88.1-r1

8.*

8.0.0-r0
8.0.1-r0
8.0.1-r1
8.0.1-r2
8.0.1-r3
8.1.0-r0
8.1.0-r1
8.1.0-r2
8.1.0-r3
8.1.1-r0
8.1.1-r1
8.1.2-r0
8.1.2-r1
8.1.2-r2
8.2.0-r0
8.2.0-r1
8.2.1-r0
8.3.0-r0
8.3.0-r1
8.4.0-r0
8.5.0-r0
8.5.0-r1
8.6.0-r0
8.6.0-r1
8.7.1-r0
8.8.0-r0
8.8.0-r1
8.9.0-r0
8.9.1-r0
8.9.1-r1
8.9.1-r2
8.10.0-r0
8.10.0-r1
8.10.1-r0
8.11.0-r0
8.11.0-r1
8.11.0-r2

Alpine:v3.22 / curl

Package

Name
curl
Purl
pkg:apk/alpine/curl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.1-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
7.84.0-r0
7.84.0-r1
7.84.0-r2
7.85.0-r0
7.86.0-r0
7.86.0-r1
7.87.0-r0
7.87.0-r1
7.87.0-r2
7.87.0-r3
7.88.0-r0
7.88.0-r1
7.88.1-r0
7.88.1-r1

8.*

8.0.0-r0
8.0.1-r0
8.0.1-r1
8.0.1-r2
8.0.1-r3
8.1.0-r0
8.1.0-r1
8.1.0-r2
8.1.0-r3
8.1.1-r0
8.1.1-r1
8.1.2-r0
8.1.2-r1
8.1.2-r2
8.2.0-r0
8.2.0-r1
8.2.1-r0
8.3.0-r0
8.3.0-r1
8.4.0-r0
8.5.0-r0
8.5.0-r1
8.6.0-r0
8.6.0-r1
8.7.1-r0
8.8.0-r0
8.8.0-r1
8.9.0-r0
8.9.1-r0
8.9.1-r1
8.9.1-r2
8.10.0-r0
8.10.0-r1
8.10.1-r0
8.11.0-r0
8.11.0-r1
8.11.0-r2

Debian:12 / curl

Package

Name
curl
Purl
pkg:deb/debian/curl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.88.1-10+deb12u10

Affected versions

7.*

7.88.1-10
7.88.1-10+deb12u1~bpo11+1
7.88.1-10+deb12u1
7.88.1-10+deb12u2
7.88.1-10+deb12u3~bpo11+1
7.88.1-10+deb12u3
7.88.1-10+deb12u4
7.88.1-10+deb12u5~bpo11+1
7.88.1-10+deb12u5
7.88.1-10+deb12u6~bpo11+1
7.88.1-10+deb12u6
7.88.1-10+deb12u7
7.88.1-10+deb12u8
7.88.1-10+deb12u9

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / curl

Package

Name
curl
Purl
pkg:deb/debian/curl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.11.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/curl/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl
Events
Introduced
3266b35bbe21c68dea0dc7ccd991eb028e6d360c
Fixed
75a2079d5c28debb2eaa848ca9430f1fe0d7844c

Affected versions

Other

curl-7_76_0
curl-7_76_1
curl-7_77_0
curl-7_78_0
curl-7_79_0
curl-7_79_1
curl-7_80_0
curl-7_81_0
curl-7_82_0
curl-7_83_0
curl-7_83_1
curl-7_84_0
curl-7_85_0
curl-7_86_0
curl-7_87_0
curl-7_88_0
curl-7_88_1
curl-8_0_0
curl-8_0_1
curl-8_10_0
curl-8_10_1
curl-8_11_0
curl-8_1_0
curl-8_1_1
curl-8_1_2
curl-8_2_0
curl-8_2_1
curl-8_3_0
curl-8_4_0
curl-8_5_0
curl-8_6_0
curl-8_7_0
curl-8_7_1
curl-8_8_0
curl-8_9_0
curl-8_9_1