9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.097 Low
EPSS
Percentile
94.2%
It was found that wget was susceptible to a symlink attack which could
create arbitrary files, directories or symbolic links and set their
permissions when retrieving a directory recursively through FTP.
By default, when retrieving ftp directories recursively and a symbolic
link is encountered, the symbolic link is traversed and the pointed-to
files are retrieved. This option poses a security risk where a malicious
FTP Server may cause Wget to write to files outside of the intended
directories through a specially crafted .listing file.