wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu wget 1.8 |
||
gnu wget 1.8.1 |
||
gnu wget 1.8.2 |
||
gnu wget 1.9 |
||
gnu wget 1.9.1 |