CVE-2010-2252
published 2010-07-06
medium 6.8 CVSS 3.1
AV:N/AC:M/Au:N/C:P/I:P/A:P
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wget | < wget 1.12-2.1 (bookworm) | wget 1.12-2.1 (bookworm) |
| gnu | wget | <= 1.12 | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | >= 0 < 1.12-2.1 | 1.12-2.1 |
| gnu | wget | >= 0 < 1.12-2.1 | 1.12-2.1 |
| gnu | wget | >= 0 < 1.12-2.1 | 1.12-2.1 |
| gnu | wget | >= 0 < 1.12-2.1 | 1.12-2.1 |
CVSS provenance
nvd 6.8 MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
osv 6.8 MEDIUM