It was found that wget was susceptible to a symlink attack which could
create arbitrary files, directories or symbolic links and set their
permissions when retrieving a directory recursively through FTP.
By default, when retrieving ftp directories recursively and a symbolic
link is encountered, the symbolic link is traversed and the pointed-to
files are retrieved. This option poses a security risk where a malicious
FTP Server may cause Wget to write to files outside of the intended
directories through a specially crafted .listing file.