ALT-PU-2024-13285-2

Package update wget in branch c9f2

Version1.21.3-alt1.c9f2.1

Published2024-10-01

Max severityCRITICAL

Severity:

Closed issues (2)

MEDIUM5.4

Уязвимость компонента userinfo URI менеджера загрузок GNU Wget, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Published: 2024-06-20Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:N

References

CVE-2024-38428

CRITICAL9.1

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

Published: 2024-06-16Modified: 2025-04-21

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References