Your submission was sent successfully! Close

CVE-2018-0494

Published: 06 May 2018

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
wget
Launchpad, Ubuntu, Debian
Upstream
Released (1.19.5-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.19.4-1ubuntu2.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.17.1-1ubuntu1.4)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.15-1ubuntu1.14.04.4)
Patches:
Other: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd