2 matches found
CVE-2026-3644
The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...
GNU Wget Cookie Injection Vulnerability
GNU Wget is a free software package for retrieving files using the most widely used Internet protocols HTTP, HTTPS, FTP and FTPS. A cookie injection vulnerability exists in the resp_new function in http.c in GNU Wget before 1.19.5. An attacker can exploit this vulnerability for cookie injection vi...