Report

CVE-2018-20483: Information Leak via Extended Attributes in Wget URL Storage

9f6dfbe1-d35a-46eb-8b2e-3b1f3a0eeec3

When the --xattr flag is used, Wget stores the complete URL of each download in the file's POSIX extended attributes, including any credentials embedded in it: userinfo (user:password@host), API tokens in query parameters, and session IDs. Any local user with filesystem access can read these attributes using getfattr, exposing the sensitive authentication information that was embedded in the URL.
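An audit for the leak described above, as an added example that is not part of the original report or of Wget: it walks a directory tree, reads the URL attributes and flags those carrying userinfo or secret-looking query parameters, printing only a redacted form. The attribute names user.xdg.origin.url and user.xdg.referrer.url are not given on this page and are assumed here, and the parameter-name list is constructed for illustration.

```python
import os
import sys
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: attribute names Wget writes; they are not named on this page.
XATTRS = ("user.xdg.origin.url", "user.xdg.referrer.url")
# Constructed list of query parameter names that commonly carry secrets.
SECRET_PARAMS = {"token", "access_token", "api_key", "apikey", "key",
                 "sid", "session", "sessionid", "password", "signature"}

def findings(url):
    """Return the reasons a stored URL is sensitive (empty list if none)."""
    parts = urlsplit(url)
    reasons = ["userinfo"] if parts.username is not None else []
    for name, _ in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SECRET_PARAMS:
            reasons.append("query:" + name)
    return reasons

def redact(url):
    """Drop userinfo and mask secret query values so the report leaks nothing."""
    parts = urlsplit(url)
    netloc = parts.netloc.rpartition("@")[2]  # keep host[:port] only
    query = urlencode(
        [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
         for k, v in parse_qsl(parts.query, keep_blank_values=True)])
    return urlunsplit((parts.scheme, netloc, parts.path, query, parts.fragment))

def scan(root):
    """Yield (path, attr, redacted_url, reasons) for each risky attribute."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            for attr in XATTRS:
                try:  # os.getxattr is available on Linux only
                    raw = os.getxattr(path, attr, follow_symlinks=False)
                except OSError:
                    continue  # attribute absent or filesystem lacks xattrs
                url = raw.decode("utf-8", "replace")
                reasons = findings(url)
                if reasons:
                    yield path, attr, redact(url), reasons

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, attr, url, reasons in scan(root):
        print(f"{path}\t{attr}\t{','.join(reasons)}\t{url}")
```

A flagged attribute can be removed from a file with setfattr -x, and any credential it contained should be rotated, since it may already have been read.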
