CVE-2024-10524

Name: CVE-2024-10524
Description: Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
NVD Severity: medium

References

| Type | URI |
| --- | --- |
| vendor-advisory | https://seclists.org/oss-sec/2024/q4/107 |
| third-party-advisory | https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ |
| patch | https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | wget | >= 0 | < 1.25.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| wget | edge-main | 1.25.0-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |
| wget | 3.20-main | 1.24.5-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |
| wget | 3.19-main | 1.21.4-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |
| wget | 3.18-main | 1.21.4-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |
| wget | 3.17-main | 1.21.4-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |