wget: fix CVE-2024-10524 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-01-15 01:52:45 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-01-24 07:59:38 -0800
commit	b84adcd9471bef77fc1c33564092e1f9fc4bf9c3 (patch)
tree	606331218b07fcae9ee7712a81ec50cc0a52c77c /scripts/lib/argparse_oe.py
parent	7aa8128bf1744dc0dd4c68065d19e12c86443c46 (diff)
download	poky-b84adcd9471bef77fc1c33564092e1f9fc4bf9c3.tar.gz

wget: fix CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-10524 Upstream-patch: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 (From OE-Core rev: 425c3f55bd316a563597ff6ff95f8104848e2f10) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/argparse_oe.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: