Description
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
A flaw was found in the Wget package. Wget might issue an FTP request to a different host in configurations where the HTTP shorthand format is used with user-provided input. An attacker may be able to use specially crafted input to cause Wget to access an arbitrary host.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | wget | Out of support scope | | |
| Red Hat Enterprise Linux 8 | wget | Will not fix | | |
| Red Hat Enterprise Linux 9 | wget | Fix deferred | | |
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-nvidia-rhel9 | Not affected | | |
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/instructlab-nvidia-rhel9 | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 6.5 Medium