VDB
DEBIAN-CVE-2010-2252
DEBIAN-CVE-2010-2252
PUBLISHED
CVSS 9.300000190734863 CRITICAL
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | wget | 0, 0, 0 |
| Debian:13 | wget | 0, 0, 0 |
| Debian:14 | wget | 0, 0, 0 |
| Debian:12 | wget | 0, 0, 0 |
Timeline
- Jul 6, 2010 CVE Published
- Apr 28, 2026 CVE Updated