curl is vulnerable to Authentication Bypass. The vulnerability exists because the SSH connection is too eager to reuse still since it keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup
curl.se/docs/CVE-2023-27538.html
github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb
github.com/curl/curl/pull/10735
hackerone.com/reports/1898475
lists.debian.org/debian-lts-announce/2023/04/msg00025.html
lists.fedoraproject.org/archives/list/[email protected]/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.gentoo.org/glsa/202310-12
security.netapp.com/advisory/ntap-20230420-0010/