curl: HTTP Proxy Bypass via `CURLOPT_CUSTOMREQUEST` Verb Tunneling

July 1, 2025 invoker category_news

Security Update News

Update Information

Title curl: HTTP Proxy Bypass via `CURLOPT_CUSTOMREQUEST` Verb Tunneling
Update ID H1:3231321
Type hackerone
Published 2025-07-01T12:47:44
Last Updated 2025-07-01T14:20:30

Security Impact

Severity NONE

AI Analysis

AI Description A vulnerability in curl allows attackers to bypass HTTP proxies by using the `CURLOPT_CUSTOMREQUEST` option to tunnel custom HTTP verbs, potentially leading to unauthorized access.
AI Severity Medium
AI Vendor cURL project
AI Product curl
AI Version Not specified

Update Details

Vulnerability description not provided

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.