GNU Wget 1.20

CPE Details

GNU Wget 1.20
gnu
wget
1.20
2019-01-29
13h58 +00:00
2019-01-29
13h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:wget:1.20:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

wget

Version

1.20

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-38428 2024-06-15
22h00 +00:00		 url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
9.1
Critical
CVE-2021-31879 2021-04-29
01h03 +00:00		 GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
6.1
Medium
CVE-2019-5953 2019-05-17
13h25 +00:00		 Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
9.8
Critical
CVE-2018-20483 2018-12-26
17h00 +00:00		 set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
7.8
High