CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

gnu

wget

5 known vulnerabilities · sorted by CVSS score

CVE-2019-5953

CRITICAL9.8

Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.

gnu / wget

Network

Published May 17, 2019

CVE-2024-38428

CRITICAL9.1

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

gnu / wget

Network

Published Jun 16, 2024

CVE-2018-20483

HIGH7.8

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.

gnu / wget

Local

Published Dec 26, 2018

CVE-2018-0494

MEDIUM6.5

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

gnu / wget+11

Network

Published May 6, 2018

CVE-2021-31879

MEDIUM6.1

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

gnu / wget+5

Network

Published Apr 29, 2021