Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
Max CVSS
8.1
EPSS Score
3.57%
Published
2016-09-26
Updated
2017-09-03
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
Max CVSS
8.8
EPSS Score
95.34%
Published
2016-06-30
Updated
2023-02-12
2 vulnerabilities found