url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Mon, 28 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gnu:wget:-:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
Vendors & Products Redhat rhel Eus

Fri, 16 Aug 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8
Vendors & Products Redhat enterprise Linux

Thu, 08 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu wget
Weaknesses CWE-436
CPEs cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
Vendors & Products Gnu
Gnu wget
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}


Tue, 06 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-06-16T00:00:00

Updated: 2024-11-15T13:08:17.232Z

Reserved: 2024-06-16T00:00:00

Link: CVE-2024-38428

cve-icon Vulnrichment

Updated: 2024-11-15T13:08:17.232Z

cve-icon NVD

Status : Modified

Published: 2024-06-16T03:15:08.430

Modified: 2024-11-21T09:25:48.560

Link: CVE-2024-38428

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-01T00:00:00Z

Links: CVE-2024-38428 - Bugzilla