Vulnerabilities > GNU > Wget > 1.19.5

DATE CVE VULNERABILITY TITLE RISK
2024-06-16 CVE-2024-38428 Interpretation Conflict vulnerability in GNU Wget
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
network
low complexity
gnu CWE-436
critical
9.1
2021-04-29 CVE-2021-31879 Open Redirect vulnerability in multiple products
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
network
low complexity
gnu broadcom netapp CWE-601
6.1
2019-05-17 CVE-2019-5953 Out-of-bounds Write vulnerability in GNU Wget
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
network
low complexity
gnu CWE-787
critical
9.8
2018-12-26 CVE-2018-20483 Information Exposure vulnerability in GNU Wget
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr.
local
low complexity
gnu CWE-200
7.8