AZL-53235

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53235.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-53235

Upstream

CVE-2024-10524

Published

2024-11-19T15:15:06Z

Modified

2026-04-01T05:17:59.619601Z

Summary

CVE-2024-10524 affecting package wget for versions less than 1.21.2-4

Details

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-10524

Affected packages

Azure Linux:2 / wget

Package

Name: wget
Purl: pkg:rpm/azure-linux/wget

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.2-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53235.json"