A high severity vulnerability in curl is due to be announced at 6am UTC, tomorrow: github.com/curl/curl/di... "probably the worst curl security flaw in a long time" 🍿
now we just need another imagemagick vuln to complete the circle
incredible run for badger & cURL though
damn, currrl
Daniel's disclosure that some of it is related to a bug in code he wrote over 20 years ago 💀
thanks for the heads up! kicked this over to our researchers (who were distracted by patch Tuesday)
And everyone said “oh shit”
What I’m reading is that this is a really good time to go for a walk and breathe autumn air until major patches are pushed out
Do we know if it was exploited in the wild at all before it was found?
what's the over/under on this being as bad as Shellshock