An issue has been found in libcurl from7.62.0 up to and including 7.70.0, which can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s).
An issue has been found in libcurl from7.62.0 up to and including 7.70.0, which can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s).
https://curl.haxx.se/docs/CVE-2020-8169.html