VulnerableCode Package Details - pkg:deb/ubuntu/wget@1.19.3-2ubuntu1

Search for packages

Package details: pkg:deb/ubuntu/wget@1.19.3-2ubuntu1

Essentials
History (0)

purl	pkg:deb/ubuntu/wget@1.19.3-2ubuntu1

Next non-vulnerable version	1.19.4-1ubuntu2.2
Latest non-vulnerable version	1.19.4-1ubuntu2.2
Risk	10.0

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-fx6n-bwtu-aaas Aliases: CVE-2019-5953	Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.	1.19.4-1ubuntu2.2 Affected by 0 other vulnerabilities.
VCID-mapt-tfmg-aaan Aliases: CVE-2018-0494	GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.	1.19.4-1ubuntu2.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-uuud-1dgw-aaah Aliases: CVE-2018-20483	set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.	1.19.4-1ubuntu2.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version