GNU Wget vulnerable to URL mishandling

CVE-2024-38428

9.1CRITICAL

Key Information

Vendor: GNU
Status: Wget
Vendor: CVE Published:; 16 June 2024

Summary

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 16, 2024
Vulnerability Reserved.
Jun 16, 2024

Collectors

NVD DatabaseMitre Database