CVE-2014-4877

EPSS 74.3%

wget - security update

發布日:2014/10/29修改日:2026/4/28

描述

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.

受影響套件(3)

Debian/wgetfrom 0, < 1.16-1
Debian/wgetfrom 0, < 1.12-2.1+deb6u1
Debian/wgetfrom 0, < 1.13.4-3+deb7u2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-4877