CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10524 – GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs
https://notcve.org/view.php?id=CVE-2024-10524
19 Nov 2024 — Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. • https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.4EPSS: 0%CPEs: 23EXPL: 0CVE-2024-38428 – wget: Misinterpretation of input may lead to improper behavior
https://notcve.org/view.php?id=CVE-2024-38428
16 Jun 2024 — url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. url.c en GNU Wget hasta 1.24.5 maneja mal los puntos y comas en el subcomponente de información de usuario de un URI y, por lo tanto, puede haber un comportamiento inseguro en el que los datos que se suponía que estaban en el subcomponente de información d... • https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace • CWE-115: Misinterpretation of Input CWE-436: Interpretation Conflict •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-31879
https://notcve.org/view.php?id=CVE-2021-31879
29 Apr 2021 — GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. GNU Wget versiones hasta 1.21.1, no omite el encabezado Authorization tras un redireccionamiento a un origen diferente, un problema relacionado con CVE-2018-1000007 • https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-5953 – wget: do_conversion() heap-based buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2019-5953
08 Apr 2019 — Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. El desbordamiento de búfer en GNU Wget 1.20.1 y versiones anteriores permite a los atacantes remotos causar una denegación de servicio (DoS) o pueden ejecutar un código arbitrario a través de vectores no especificados. A buffer overflow flaw was found in the GNU Wget in version 1.20.1 and earlier when processing Internationalized Resource Identif... • http://jvn.jp/en/jp/JVN25261088/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20483 – wget: Information exposure in set_file_metadata function in xattr.c
https://notcve.org/view.php?id=CVE-2018-20483
26 Dec 2018 — set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on... • http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 77%CPEs: 12EXPL: 3CVE-2018-0494 – GNU wget - Cookie Injection
https://notcve.org/view.php?id=CVE-2018-0494
06 May 2018 — GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. GNU Wget en versiones anteriores a la 1.19.5 es propenso a una vulnerabilidad de inyección de cookies en la función resp_new en http.c mediante una secuencia \r\n en una línea de continuación. A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains. Harry Sintonen... • https://packetstorm.news/files/id/147517 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 9%CPEs: 3EXPL: 0CVE-2017-13090 – GNU Wget: heap overflow in HTTP protocol handling
https://notcve.org/view.php?id=CVE-2017-13090
26 Oct 2017 — The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_... • http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 55%CPEs: 3EXPL: 2CVE-2017-13089 – GNU Wget: stack overflow in HTTP protocol handling
https://notcve.org/view.php?id=CVE-2017-13089
26 Oct 2017 — The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk ... • https://github.com/mzeyong/CVE-2017-13089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6508 – Ubuntu Security Notice USN-3464-1
https://notcve.org/view.php?id=CVE-2017-6508
07 Mar 2017 — CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. Vulnerabilidad de inyección CRLF en la función url_parse en url.c en Wget hasta la versión 1.19.1 permite a atacantes remotos inyectar encabezados HTTP arbitrarios a través de secuencias CRLF en el subcomponente del host de una URL. Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrec... • http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 8.1EPSS: 6%CPEs: 1EXPL: 3CVE-2016-7098 – GNU Wget < 1.18 - Access List Bypass / Race Condition
https://notcve.org/view.php?id=CVE-2016-7098
26 Sep 2016 — Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. Condición de carrera en wget1.17 y versiones anteriores, cuando es utilizado en modo recursivo o de reflejo para descargar un único archivo, podría permitir a servidores remotos eludir las restricciones de lista destinadas al acceso manteniendo una conexión HTTP abierta. Antti Levomaki, Christia... • https://packetstorm.news/files/id/139895 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •