Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
                
History

Wed, 16 Jul 2025 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | epss | epss |
Fri, 21 Mar 2025 18:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
Fri, 22 Nov 2024 14:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
| Metrics | threat_severity | threat_severity |
Fri, 22 Nov 2024 12:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
Tue, 19 Nov 2024 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Gnu Gnu wget | |
| CPEs | cpe:2.3:a:gnu:wget:-:*:*:*:*:*:*:* | |
| Vendors & Products | Gnu Gnu wget | |
| Metrics | ssvc | |
Tue, 19 Nov 2024 14:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. | |
| Title | GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs | |
| Weaknesses | CWE-918 | |
| References |  | |
| Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: JFROG
Published: 2024-11-19T14:23:09.718Z
Updated: 2025-03-21T18:03:44.339Z
Reserved: 2024-10-30T08:59:30.617Z
Link: CVE-2024-10524
Vulnrichment
Updated: 2025-03-21T18:03:44.339Z
NVD
Status: Awaiting Analysis
Published: 2024-11-19T15:15:06.740
Modified: 2025-03-21T18:15:32.323
Link: CVE-2024-10524
Redhat