CVE-2025-14524

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that ...

GHSA-g897-jvjx-78vg

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

BDU:2026-02955

Уязвимость программного средства для взаимодействия с серверами cURL, связанная с переадресацией URL на ненадежный сайт, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации