GHSA-25rx-86v8-32c6HighCVSS 7.5
A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly...
🔗 CVE IDs covered (1)
📋 Description
A vulnerability in libcurl caused the HTTP Referer: header to persist even
when explicitly cleared. While the documentation states that passing NULL to
CURLOPT_REFERER suppresses the header, the option failed to clear the
internal state. As a result the previous referrer string was erroneously
reused and sent in subsequent requests, potentially leaking sensitive
information to unintended servers.