CVE-2018-0494

Description

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

Affected packages (4)

• Alpine/wgetfrom 0, < 1.19.5-r0
• Debian/wgetfrom 0, < 1.19.5-1
• Debian/wgetfrom 0, < 1.13.4-3+deb7u6
• Debian/wgetfrom 0, < 1.16-1+deb8u5

CVSS scores

References (2)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-0494
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-0494