2026-02-25 07:20:47
curl
PUBLISHED
URLs containing percent-encoded slashes (`/` or ``) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.