Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when
the --remote-header-name or -J option is used, allows remote servers to
create or overwrite arbitrary files by using \ (backslash) as a separator
of path components within the Content-disposition HTTP header.
jdstrand> from curl advisory: Operating systems affected include Windows,
Netware, MSDOS, OS/2 and Symbian.
Updated: 2016-03-23 03:37:55 UTC (commit 10817)