wget is vulnerable to CRLF injection. The url_parse
function in url.c
allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
CPE | Name | Operator | Version |
---|---|---|---|
wget:stretch | eq | 1.18-5+deb9u3 | |
wget:stretch | eq | 1.18-5+deb9u3 |