wget - Arch Linux
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1892 | 1.21.1-1 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-31879 | AVG-1892 | Medium | Yes | Information disclosure | GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-473 | 1.19.1-2 | 1.19.2-1 | Critical | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-13090 | AVG-473 | Critical | Yes | Arbitrary code execution | A heap-based buffer overflow has been found in the HTTP protocol handling code of wget < 1.19.2, when processing chunked encoded HTTP responses. By tricking... |
| CVE-2017-13089 | AVG-473 | Critical | Yes | Arbitrary code execution | A stack-based buffer overflow has been found in the HTTP protocol handling code of wget < 1.19.2, when processing chunked, encoded HTTP responses. By... |
| CVE-2017-6508 | AVG-473 | Medium | Yes | Content spoofing | A CRLF injection flaw was found in the way wget < 1.19.2 handled URLs. A remote attacker could use this flaw to inject arbitrary HTTP headers in requests,... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 29 Oct 2017 | ASA-201710-34 | AVG-473 | Critical | multiple issues |