FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wget -- cookie injection vulnerability

Affected packages
wget < 1.19.5

Details

VuXML ID 7b5a8e3b-52cc-11e8-8c7a-9c5c8e75236a
Discovery 2018-04-26
Entry 2018-05-08

Harry Sintonen of F-Secure Corporation reports:

GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to the cookie jar file.

References

CVE Name CVE-2018-0494
FreeBSD PR ports/228071
URL https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt