JLSEC-2026-119

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-119.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-119.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2026-119
Upstream
  • EUVD-2024-33431
  • GHSA-mqrm-h2pw-9j9r
Published
2026-04-15T20:29:47.271Z
Modified
2026-04-15T21:01:54.909227982Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
Summary
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary...
Details

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10524",
            "published": "2024-11-19T15:15:06.740Z",
            "modified": "2026-04-15T00:35:42.020Z",
            "id": "CVE-2024-10524",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-10524",
            "imported": "2026-04-15T19:04:58.966Z",
            "database_specific": {
                "status": "Deferred"
            }
        },
        {
            "published": "2024-11-19T15:31:54Z",
            "modified": "2025-03-21T18:32:31Z",
            "id": "GHSA-mqrm-h2pw-9j9r",
            "html_url": "https://github.com/advisories/GHSA-mqrm-h2pw-9j9r",
            "imported": "2026-04-15T19:04:58.738Z",
            "url": "https://api.github.com/advisories/GHSA-mqrm-h2pw-9j9r"
        },
        {
            "published": "2024-11-19T14:23:09Z",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-33431",
            "id": "EUVD-2024-33431",
            "modified": "2025-03-21T18:03:44Z",
            "imported": "2026-04-15T19:04:57.100Z",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2024-33431"
        }
    ]
}
References

Affected packages

Julia / wget_jll

Package

Name
wget_jll
Purl
pkg:julia/wget_jll?uuid=25883557-5102-5516-a11b-f84f27e871d7

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.25.0+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-119.json"