This issue was unfortunately reported publicly in the curl GitHub issue tracker as issue 6255. This flaw has existed in curl since commit 0825cd80a in curl 7.21.0. This functionality is not used by the curl tool so it is not affected. Further: it is not a very widely used feature. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2020-8285 to this issue. https://curl.se/docs/CVE-2020-8285.html CREATE(Triage):(User=admin) [CVE-2020-8285|https://nvd.nist.gov/vuln/detail/CVE-2020-8285]