Fernando Muã±Oz

**Name of the Vulnerable Software and Affected Versions** curl versions prior to 7.51.0 **Description** The issue arises when the host name part of a URL ends with a `#` character, causing curl to incorrectly parse the authority component of the URL. This could lead to curl connecting to a different host, potentially resulting in security implications. For instance, if an RFC-compliant URL parser is used to check for allowed domains before requesting them with curl, the incorrect parsing could allow access to unauthorized domains. The problem is not limited to a specific protocol scheme. **Recommendations** For versions prior to 7.51.0, update to version 7.51.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of URLs with a `#` character at the end of the host name part until the update is applied. Restrict access to URLs that could potentially exploit this issue to minimize the risk of unauthorized connections.