CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "wget-dbgsym": "1.15-1ubuntu1.14.04.3", "wget-udeb": "1.15-1ubuntu1.14.04.3", "wget-udeb-dbgsym": "1.15-1ubuntu1.14.04.3", "wget": "1.15-1ubuntu1.14.04.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "wget-dbgsym": "1.17.1-1ubuntu1.3", "wget-udeb": "1.17.1-1ubuntu1.3", "wget-udeb-dbgsym": "1.17.1-1ubuntu1.3", "wget": "1.17.1-1ubuntu1.3" } ] }