Wget Security Vulnerabilities and Issues — Wget CVE List

Lucene search

GnuWget

5 matches found

CVE•added 2018/05/06 10:29 p.m.•227 views

CVE-2018-0494

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

6.5CVSS6.5AI score0.75788EPSS

CVE•added 2017/03/07 8:59 a.m.•166 views

CVE-2017-6508

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

6.1CVSS6.3AI score0.00143EPSS

CVE•added 2021/04/29 5:15 a.m.•162 views

CVE-2021-31879

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

6.1CVSS7.8AI score0.02915EPSS

CVE•added 2010/07/06 5:17 p.m.•132 views

CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with ...

6.8CVSS7.2AI score0.0411EPSS

CVE•added 2009/09/30 3:30 p.m.•79 views

CVE-2009-3490

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue ...

6.8CVSS6.1AI score0.01686EPSS