Hi,
This is an interesting, minor problem with HSTS management in curl.
Beginner friendly, easy to follow, CVE analysis and resolution.
curl disclosed on HackerOne: CVE-2024-9681: HSTS subdomain...
## Summary:
Suppose my HSTS cache file has the following content:
```
.domain.com "20241107 01:02:03"
.sub.domain.com "unlimited"
```
Now, I connect to https://sub.domain.com/. Suppose this domain now sets a HSTS policy: `Strict-Transport-Security: max-age=15768000 ; includeSubDomains`...
hackerone.com
Best regards,