VDB

GCVE-VVD-MAGEIA-2019-15

GCVE-VVD-MAGEIA-2019-15
Advisory Published
Vulnetix · Advisory published February 20, 2019
Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes (xattrs) of the file system - by default. This includes username + password and other credentials or private data *if* those have been used within the URLs. Anyone with read access to those files might also read the xattrs and might use the data. Wget 1.20.1 or higher will not use xattrs by default any more. To enable it again you have to use the --xattr option or xattr command for .wgetrc files. (CVE-2018-20483)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-pear-CAS0 (affected), 1.3.6-1.1.mga6 (unaffected)
Mageiawget0 (affected), 1.20.1-1.mga6 (unaffected), 0 (affected), 1.20.1-1.mga6 (unaffected)

References

Updated wget packages fix security vulnerability
advisory
Updated wget packages fix security vulnerability
issue
Updated wget packages fix security vulnerability
issue
Updated php-pear-CAS packages fixes install path
advisory
Updated php-pear-CAS packages fixes install path
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›