Fetch · Fetch · CVE-2024-45289
**Name of the Vulnerable Software and Affected Versions**
fetch versions (affected versions not specified)
**Description**
The issue arises from the fetch(3) library's use of environment variables to pass information, including the revocation file pathname. However, the environment variable name used by fetch(1) to pass the filename to the library is incorrect, effectively ignoring the option. As a result, fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.