From aa8fded2d58f78a84a2b38fb73e3f18f939f44b5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 7 Nov 2024 23:45:31 +0100 Subject: [PATCH] fixup CVE-2024-9681.md words --- docs/CVE-2024-9681.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/CVE-2024-9681.md b/docs/CVE-2024-9681.md index 6849f3c2fb..551646423a 100644 --- a/docs/CVE-2024-9681.md +++ b/docs/CVE-2024-9681.md @@ -42,7 +42,7 @@ was otherwise intended to *possibly* be protected. But: `example.com` as per above is deliberately setup for HSTS, and servers should -probably expect that clients migth try upgrading to HTTPS for a while outside +probably expect that clients might try upgrading to HTTPS for a while outside of the time range set in its headers. The access that fails in this scenario tries to use plain HTTP to the domain. @@ -56,8 +56,8 @@ ends up in now and then completely without involving curl issues and therefore needs to have logic for. An application can for example work around the situation by simply toggling off HSTS. -This bug is **not** considered a *C mistake* (ie not likely to have been -avoided had we not been using C). +This bug is **not** considered a *C mistake* (not likely to have been avoided +had we not been using C). This flaw also affects the curl command line tool.
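Review bot: in the first hunk (@@ -42,7 +42,7 @@), the context line "`example.com` as per above is deliberately setup for HSTS" still uses "setup" as a verb. This commit is a wording fixup of that same paragraph, so I suggest changing it to "set up" together with the "migth" to "might" correction. That would leave the paragraph with no further spelling follow-up.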
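Review bot: in the second hunk (@@ -56,8 +56,8 @@), the unchanged sentence "An application can for example work around the situation by simply toggling off HSTS" names no mechanism. The closing context line says the flaw also affects the curl command line tool, but the lines shown give no matching workaround for tool users. Since this is a wording pass, consider stating which setting an application turns off and whether the same workaround applies to the command line tool. Separately, the sentence ending "and therefore needs to have logic for" trails off on a preposition and would read better recast.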