CVE-2014-4877
Published 2014-10-29
Critical 9.3 (CVSS 3.1)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wget | < wget 1.16-1 (bookworm) | wget 1.16-1 (bookworm) |
| gnu | wget | <= 1.15 | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | — | — |
| gnu | wget | >= 0 < 1.16-1 | 1.16-1 |
| gnu | wget | >= 0 < 1.16-1 | 1.16-1 |
| gnu | wget | >= 0 < 1.16-1 | 1.16-1 |
| gnu | wget | >= 0 < 1.16-1 | 1.16-1 |
CVSS provenance
nvd: 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C
osv: 9.3 CRITICAL