Gnu Wget
8 CVEs affecting Gnu Wget. Latest disclosed: 2024-11-19. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-13090 | High | 8.8 | 2017-10-27 | The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strto… |
CVE-2017-13089 | High | 8.8 | 2017-10-27 | The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19… |
CVE-2016-4971 | High | 8.8 | 2016-06-30 | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. |
CVE-2016-7098 | High | 8.1 | 2016-09-26 | Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended acce… |
CVE-2024-10524 | Medium | 6.5 | 2024-11-19 | Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attac… |
CVE-2017-6508 | Medium | 6.1 | 2017-03-07 | CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequen… |
CVE-2014-4877 | | 2014-10-29 | Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequent… | |
CVE-2010-2252 | | 2010-07-06 | GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote… |