Vulnerability in Wget
CVE-2018-0494
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
EPSS: 0.659 (98.5th percentile) — read the EPSS interpretation.
Affected products
- N/a Wget — versions WGet
References
- sintonen.fi/advisories/gnu-wget-cookie-injection.txt (x_refsource_MISC)
- RHSA-2018:3052 (x_refsource_REDHAT, vendor-advisory)
- savannah.gnu.org/bugs/ (x_refsource_MISC)
- git.savannah.gnu.org/cgit/wget.git/commit/ (x_refsource_MISC)
- GLSA-201806-01 (vendor-advisory, x_refsource_GENTOO)
- DSA-4195 (vendor-advisory, x_refsource_DEBIAN)
- 104129 (vdb-entry, x_refsource_BID)
- 1040838 (vdb-entry, x_refsource_SECTRACK)
- 44601 (exploit, x_refsource_EXPLOIT-DB)
- USN-3643-2 (x_refsource_UBUNTU, vendor-advisory)