Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL, an URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle to be used in that order, and then the duplicate handle must be used to perform the ...