url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NGnu Wget
APPGnu≤ 1.24.5
Related vulnerabilities
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or m...
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url m...
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked i...
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When...
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, m...