url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | wget | <= 1.21.3-1 | wget_1.21.3-1_all.deb |
Debian | 11 | all | wget | <= 1.21-1+deb11u1 | wget_1.21-1+deb11u1_all.deb |
Debian | 10 | all | wget | <= 1.20.1-1.1 | wget_1.20.1-1.1_all.deb |
Debian | 999 | all | wget | <= 1.24.5-1 | wget_1.24.5-1_all.deb |
Debian | 13 | all | wget | <= 1.24.5-1 | wget_1.24.5-1_all.deb |