curl follows HTTP(S) redirects when asked to. curl also supports authentication. When a user and password are provided for a URL with a given hostname, curl makes an effort to not pass on those credentials to other hosts in redirects unless given permission with a special option. https://curl.se/docs/CVE-2022-27774.html CREATE(Triage):(User=admin) CVE-2022-27774 (https://nvd.nist.gov/vuln/detail/CVE-2022-27774)