🏦 curl Report⚠️ Title: Path Traversal Vulnerability in curl via Unsanitized IPFS_PATH Environment Variable 🔍 Reporter: ziad616 (Ziad Salah)📋 Details:└ 📊 Status: not-applicable└ ⚡ Severity: High└ 🎯 CWE: Path Traversal└ 🔢 CVE: None⏰ Timeline:└ 🔓 Disclosed: 2025-06-28 21:11:42 UTC└ 📝 Created: 2025-04-18 17:41:19 UTC

🏦 curl Report
⚠️ Title: Path Traversal Vulnerability in curl via Unsanitized IPFS_PATH Environment Variable
🔍 Reporter: ziad616 (Ziad Salah)

📋 Details:
└ 📊 Status: not-applicable
└ ⚡ Severity: High
└ 🎯 CWE: Path Traversal
└ 🔢 CVE: None

⏰ Timeline:
└ 🔓 Disclosed: 2025-06-28 21:11:42 UTC
└ 📝 Created: 2025-04-18 17:41:19 UTC

HackerOne

curl disclosed on HackerOne: Path Traversal Vulnerability in curl...

A path traversal vulnerability exists in curl versions with IPFS support (7.81.0+). The IPFS_PATH environment variable is not properly sanitized, allowing attackers to read arbitrary files by...