CVE-2024-38428
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/06/2024
Last modified:
21/04/2025
Description
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* | 1.24.5 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
- https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
- https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
- https://lists.debian.org/debian-lts-announce/2025/04/msg00029.html
- https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html
- https://security.netapp.com/advisory/ntap-20241115-0005/