When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username(without a password), like https://user@example.com/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no match for the specified user.
{
"priority_reason": "Upstream defined this as low severity",
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.14.1-2ubuntu1.4",
"binary_name": "curl"
},
{
"binary_version": "8.14.1-2ubuntu1.4",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.14.1-2ubuntu1.4",
"binary_name": "libcurl4t64"
}
]
}
{
"priority_reason": "Upstream defined this as low severity",
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.18.0-1ubuntu2.2",
"binary_name": "curl"
},
{
"binary_version": "8.18.0-1ubuntu2.2",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.18.0-1ubuntu2.2",
"binary_name": "libcurl4t64"
}
]
}