15 matches found
CVE-2026-39852 Quarkus authorization bypass via semicolon path normalization inconsistency
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...
JLSEC-2026-120
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...
TencentOS Server 3: wget (TSSA-2024:0395)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0395 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CLSA-2025-1756409922 wget: Fix of CVE-2024-38428
CVE-2024-38428: fix mishandle semicolons in userinfo subcomponent of URI to prevent insecure behavior...
wget: Fix of CVE-2024-38428
CVE-2024-38428: fix mishandle semicolons in userinfo subcomponent of URI to prevent insecure behavior...
CLSA-2025-1756409198 wget: Fix of CVE-2024-38428
CVE-2024-38428: fix mishandle semicolons in userinfo subcomponent of URI to prevent insecure behavior...
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent
Brocade Wget contains an improper input validation vulnerability. An attacker could exploit this via theuserinfosubcomponent of a URI to cause insecure behavior which could potentially cause improper authentication, exposure of sensitive information, or other serious data integrity issues...
wget: Misinterpretation of input may lead to improper behavior
A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...
wget: Misinterpretation of input may lead to improper behavior
A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...
wget: Misinterpretation of input may lead to improper behavior
A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...
CLSA-2024-1723223949 Fix CVE(s): CVE-2024-38428
SECURITY UPDATE: Insecure behavior with semicolons in URI userinfo - debian/patches/CVE-2024-38428.patch: Properly re-implement userinfo parsing rfc2396 to fix outdated RFC implementation - CVE-2024-38428...
AZL-42691 CVE-2024-38428 affecting package wget for versions less than 1.21.2-3
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...
DEBIAN-CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...
GNU Wget Security Vulnerability
GNU Wget is a suite of free software from the US GNU community for making downloads over the network, which supports downloads over the three most common TCP/IP protocols, HTTP, HTTPS, and FTP. A security vulnerability exists in GNU Wget version 1.24.5, which stems from url.c incorrectly handling...
xzgrep Code Execution Vulnerability
xzgrep is a set of regular expression tools for searching compressed files. A security vulnerability exists in the scripts/xzgrep.in file in xzgrep, which stems from the program failing to properly handle filenames with semicolons. A remote attacker can exploit this vulnerability to execute...