url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
References
Link | Resource |
---|---|
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace | Mailing List, Patch |
https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html | Mailing List, Patch |
History
08 Aug 2024, 15:05
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 9.1 |
References | () https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace - Mailing List, Patch | |
References | () https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html - Mailing List, Patch | |
CPE | cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* | |
CWE | CWE-436 | |
First Time | Gnu wget; Gnu |
17 Jun 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
16 Jun 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-16 03:15
Updated : 2024-10-28 21:35
NVD link : CVE-2024-38428
Mitre link : CVE-2024-38428
CVE.ORG link : CVE-2024-38428
Products Affected
gnu
- wget
CWE
CWE-436: Interpretation Conflict