AZL-54221

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54221.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-54221

Upstream

CVE-2024-11053

Published

2024-12-11T08:15:05Z

Modified

2026-04-01T05:18:12.722155Z

Summary

CVE-2024-11053 affecting package cmake for versions less than 3.30.3-3

Details

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-11053

Affected packages

Azure Linux:3 / cmake

Package

Name: cmake
Purl: pkg:rpm/azure-linux/cmake

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.30.3-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54221.json"