Problem (unvalidated)

wget -d 'http://user;evil@example.com/' will attempt to resolve 'user;evil@example.com' instead of 'example.com'. Tension: RFC 2396 explicitly allows ';' as a valid character inside the userinfo component. Outcome: This is CVE-2024-38428, fixed in wget 1.24.5.
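
A simplified illustration of the parsing difference described above, added here and not taken from wget's source: host_flawed assumes a credential scan that stops at ';', while host_rfc2396 treats ';' as ordinary userinfo. Both function names and the terminator set in host_flawed are assumptions; ports and IPv6 literals are not handled.

```c
#include <stdio.h>
#include <string.h>

/* Copy len bytes of host into out; returns 0 on success, -1 on error. */
static int copy_host(const char *start, size_t len, char *out, size_t outsz)
{
    if (len == 0 || len >= outsz)
        return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

/* Flawed split (assumed terminator set): ';' ends the search for '@',
   so the "user;evil@" prefix is never skipped and stays in the host. */
int host_flawed(const char *url, char *out, size_t outsz)
{
    const char *p = strstr(url, "://");
    if (!p) return -1;
    p += 3;
    const char *stop = strpbrk(p, "@/?#;");
    if (stop && *stop == '@')
        p = stop + 1;                      /* credentials skipped */
    return copy_host(p, strcspn(p, "/?#"), out, outsz);
}

/* RFC 2396 split: the authority ends at '/', '?' or '#';
   ';' is a legal userinfo character, so only '@' separates userinfo. */
int host_rfc2396(const char *url, char *out, size_t outsz)
{
    const char *p = strstr(url, "://");
    if (!p) return -1;
    p += 3;
    size_t alen = strcspn(p, "/?#");       /* length of the authority */
    const char *at = memchr(p, '@', alen); /* '@' inside the authority only */
    if (at) {
        alen -= (size_t)(at + 1 - p);
        p = at + 1;
    }
    return copy_host(p, alen, out, outsz);
}

int main(void)
{
    const char *url = "http://user;evil@example.com/"; /* URL from the text */
    char a[256], b[256];
    if (host_flawed(url, a, sizeof a) == 0 && host_rfc2396(url, b, sizeof b) == 0)
        printf("flawed:  %s\nrfc2396: %s\n", a, b);
    return 0;
}
```

Comparing the two results for a URL before fetching it is a cheap way to flag inputs where a filter and the client would disagree about the destination host.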
