fixup CVE-2024-9681.md words

curl · Nov 7, 2024 · aa8fded · aa8fded
1 parent 028f65d
commit aa8fded
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/docs/CVE-2024-9681.md b/docs/CVE-2024-9681.md
@@ -42,7 +42,7 @@ was otherwise intended to *possibly* be protected.
 But:
 
 `example.com` as per above is deliberately setup for HSTS, and servers should
-probably expect that clients migth try upgrading to HTTPS for a while outside
+probably expect that clients might try upgrading to HTTPS for a while outside
 of the time range set in its headers.
 
 The access that fails in this scenario tries to use plain HTTP to the domain.
@@ -56,8 +56,8 @@ ends up in now and then completely without involving curl issues and therefore
 needs to have logic for. An application can for example work around the
 situation by simply toggling off HSTS.
 
-This bug is **not** considered a *C mistake* (ie not likely to have been
-avoided had we not been using C).
+This bug is **not** considered a *C mistake* (not likely to have been avoided
+had we not been using C).
 
 This flaw also affects the curl command line tool.