
CVE-2021-31879

Published: 29/04/2021 Updated: 13/05/2022
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

GNU Wget up to and including 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Vulnerable Product

gnu wget

broadcom brocade fabric operating system firmware -

netapp cloud backup -

netapp ontap select deploy administration utility -

netapp a250_firmware -

netapp 500f_firmware -

Vendor Advisories

Debian Bug report logs - #988209: CVE-2021-31879. Package: wget; Maintainer for wget is Noël Köthe <noel@debian.org>; Source for wget is src:wget. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Fri, 7 May 2021 19:18:03 UTC. Severity: important. Tags: security. Found in version wget/1.21-1 ...
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007 ...
A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confi ...

Github Repositories

KCC

Code Challenge Resolution
Step1 : Generate dockerfile
1a : Generate docker image
(py3venv) dmgardella@abacaxi:~/KCC (main %>)$ docker build -t dmg8/litecoin:118
Sending build context to Docker daemon 1952MB
Step 1/17 : FROM ubuntu:2004
2004: Pulling from library/ubuntu
Digest: sha256:9d6a8699fb5c9c39cf08a0871bd6219f0400981c570894cd8cbea30d3424a31f
Status: Down