Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 (CVE-2023-38545) · curl/curl · Discussion #12026

taaz@biglemmowski.win to Programming@programming.dev – 62 points – Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 · curl/curl · Discussion #12026
github.com

Posted on twitter by Curl author Daniel Stenberg - https://nitter.cz/bagder/status/1709103920914526525

We are cutting the release cycle short and will release curl 8.4.0 on October 11, including a fix for a severity HIGH CVE. Buckle up.

... But this time actually the worst security problem found in curl in a long time

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545

4

I want to thank the curl developers for taking security issues seriously to keep me safe.

Now I'm going to go pipe another curl script output directly into a sudo bash command. /s

We need a version of /s for "I'm not actually doing this right now... but we know I still will..."