When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
7.81.0-1ubuntu1.228.5.0-2ubuntu10.78.14.1-2ubuntu1.17.32.0-1ubuntu17.33.0-1ubuntu17.34.0-1ubuntu17.35.0-1ubuntu17.35.0-1ubuntu27.35.0-1ubuntu2.17.35.0-1ubuntu2.107.35.0-1ubuntu2.117.35.0-1ubuntu2.127.35.0-1ubuntu2.13+31 more7.43.0-1ubuntu27.45.0-1ubuntu17.46.0-1ubuntu17.47.0-1ubuntu17.47.0-1ubuntu27.47.0-1ubuntu2.17.47.0-1ubuntu2.117.47.0-1ubuntu2.127.47.0-1ubuntu2.137.47.0-1ubuntu2.14+26 more7.55.1-1ubuntu27.55.1-1ubuntu2.17.57.0-1ubuntu17.58.0-2ubuntu17.58.0-2ubuntu27.58.0-2ubuntu37.58.0-2ubuntu3.17.58.0-2ubuntu3.107.58.0-2ubuntu3.127.58.0-2ubuntu3.13+25 more7.65.3-1ubuntu37.65.3-1ubuntu47.66.0-1ubuntu17.67.0-2ubuntu17.68.0-1ubuntu17.68.0-1ubuntu27.68.0-1ubuntu2.17.68.0-1ubuntu2.107.68.0-1ubuntu2.117.68.0-1ubuntu2.12+19 moreExploitability
AV:NAC:HPR:NUI:RScope
S:UImpact
C:HI:NA:NCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N