Dfandrich

#52783 of 53,633
3.5 Total CVSS
Vulnerabilities · 1
PT-2024-2656
3.5
2024-02-15
Curl · Curl · CVE-2024-2004
**Name of the Vulnerable Software and Affected Versions**

cURL versions (affected versions not specified)

**Description**

The issue is related to an error in the logic for removing protocols when a protocol selection parameter option disables all protocols without adding any. This allows the default set of protocols to remain in the allowed set. The flaw can be demonstrated with the command `curl --proto -all,-http http://curl.se`, which performs a request to curl.se with a plaintext protocol that has been explicitly disabled. The curl security team has assessed this as a low severity bug, noting it is unlikely to be encountered in real situations due to its impractical use case.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.