AZL-54240

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54240.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-54240

Upstream

CVE-2024-11053

Published

2024-12-11T08:15:05Z

Modified

2026-04-01T05:18:13.243389Z

Summary

CVE-2024-11053 affecting package mysql for versions less than 8.0.41-1

Details

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-11053

Affected packages

Azure Linux:2 / mysql

Package

Name: mysql
Purl: pkg:rpm/azure-linux/mysql

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.41-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54240.json"