CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10524 – GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs
https://notcve.org/view.php?id=CVE-2024-10524
19 Nov 2024 — Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. • https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-31879
https://notcve.org/view.php?id=CVE-2021-31879
29 Apr 2021 — GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. GNU Wget versiones hasta 1.21.1, no omite el encabezado Authorization tras un redireccionamiento a un origen diferente, un problema relacionado con CVE-2018-1000007 • https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2019-5953 – wget: do_conversion() heap-based buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2019-5953
08 Apr 2019 — Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. El desbordamiento de búfer en GNU Wget 1.20.1 y versiones anteriores permite a los atacantes remotos causar una denegación de servicio (DoS) o pueden ejecutar un código arbitrario a través de vectores no especificados. A buffer overflow flaw was found in the GNU Wget in version 1.20.1 and earlier when processing Internationalized Resource Identif... • http://jvn.jp/en/jp/JVN25261088/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20483 – wget: Information exposure in set_file_metadata function in xattr.c
https://notcve.org/view.php?id=CVE-2018-20483
26 Dec 2018 — set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on... • http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 3%CPEs: 12EXPL: 3CVE-2018-0494 – GNU wget - Cookie Injection
https://notcve.org/view.php?id=CVE-2018-0494
06 May 2018 — GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. GNU Wget en versiones anteriores a la 1.19.5 es propenso a una vulnerabilidad de inyección de cookies en la función resp_new en http.c mediante una secuencia \r\n en una línea de continuación. A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains. Harry Sintonen... • https://packetstorm.news/files/id/147517 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 18%CPEs: 3EXPL: 0CVE-2017-13090 – GNU Wget: heap overflow in HTTP protocol handling
https://notcve.org/view.php?id=CVE-2017-13090
26 Oct 2017 — The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_... • http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 37%CPEs: 3EXPL: 2CVE-2017-13089 – GNU Wget: stack overflow in HTTP protocol handling
https://notcve.org/view.php?id=CVE-2017-13089
26 Oct 2017 — The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk ... • https://github.com/mzeyong/CVE-2017-13089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6508 – Ubuntu Security Notice USN-3464-1
https://notcve.org/view.php?id=CVE-2017-6508
07 Mar 2017 — CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. Vulnerabilidad de inyección CRLF en la función url_parse en url.c en Wget hasta la versión 1.19.1 permite a atacantes remotos inyectar encabezados HTTP arbitrarios a través de secuencias CRLF en el subcomponente del host de una URL. Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrec... • http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 8.1EPSS: 5%CPEs: 1EXPL: 3CVE-2016-7098 – GNU Wget < 1.18 - Access List Bypass / Race Condition
https://notcve.org/view.php?id=CVE-2016-7098
26 Sep 2016 — Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. Condición de carrera en wget1.17 y versiones anteriores, cuando es utilizado en modo recursivo o de reflejo para descargar un único archivo, podría permitir a servidores remotos eludir las restricciones de lista destinadas al acceso manteniendo una conexión HTTP abierta. Antti Levomaki, Christia... • https://packetstorm.news/files/id/139895 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 93%CPEs: 10EXPL: 9CVE-2016-4971 – GNU Wget < 1.18 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-4971
21 Jun 2016 — GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. GNU wget en versiones anteriores a 1.18 permite a servidores remotos escribir archivos arbitrarios redirigiendo una petición desde HTTP a una fuente FTP manipulada. It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expe... • https://packetstorm.news/files/id/162395 • CWE-73: External Control of File Name or Path •