curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Warning: using file:// on Windows with curl

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 16 Mar 2020 08:41:06 +0100 (CET)

On Mon, 16 Mar 2020, Jeffrey Walton wrote:

>> The conclusion we have come to is that this is a weakness or feature in the
>> Windows operating system itself, that we as an application cannot safely
>> protect users against.

> How did someone manage to get CVE-2019-15601 assigned to cURL for this? More
> useless crap from snake oil firms?

"Someone" reported the issue to us and we (the curl security team) considered
it a flaw. We then tried to filter paths to avoid triggering this behavior,
but recently we were made aware that it can be done numerous other ways as
well.

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2020-03-16