Vulnerability Description
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b
- https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/
- https://seclists.org/oss-sec/2024/q4/107
- http://www.openwall.com/lists/oss-security/2024/11/18/6
- https://security.netapp.com/advisory/ntap-20250321-0007/
FAQ
What is CVE-2024-10524?
CVE-2024-10524 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which ...
How severe is CVE-2024-10524?
CVE-2024-10524 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-10524?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.