CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
Configurations

No configuration.

History

21 Mar 2025, 18:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20250321-0007/ -

21 Nov 2024, 08:48

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/11/18/6 -
Summary
  • (es) Las aplicaciones que utilizan Wget para acceder a un recurso remoto mediante URL abreviadas y pasan credenciales de usuario arbitrarias en la URL son vulnerables. En estos casos, los atacantes pueden introducir credenciales creadas que harán que Wget acceda a un host arbitrario.

19 Nov 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-19 15:15

Updated : 2025-03-21 18:15


NVD link : CVE-2024-10524

Mitre link : CVE-2024-10524

CVE.ORG link : CVE-2024-10524


JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)