Harry Sintonen discovered that curl incorrectly handled mixed case cookie
domains. A remote attacker could possibly use this issue to set cookies
that get sent to different and unrelated sites and domains.

Read More