diff options
| author | Divya Chellam <divya.chellam@windriver.com> | 2025-01-15 01:52:45 +0000 | 
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-01-24 07:59:38 -0800 | 
| commit | b84adcd9471bef77fc1c33564092e1f9fc4bf9c3 (patch) | |
| tree | 606331218b07fcae9ee7712a81ec50cc0a52c77c /scripts/lib/devtool/deploy.py | |
| parent | 7aa8128bf1744dc0dd4c68065d19e12c86443c46 (diff) | |
| download | poky-b84adcd9471bef77fc1c33564092e1f9fc4bf9c3.tar.gz | |
wget: fix CVE-2024-10524
Applications that use Wget to access a remote resource using
shorthand URLs and pass arbitrary user credentials in the URL
are vulnerable. In these cases attackers can enter crafted
credentials which will cause Wget to access an arbitrary host.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-10524
Upstream-patch:
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778
(From OE-Core rev: 425c3f55bd316a563597ff6ff95f8104848e2f10)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/devtool/deploy.py')
0 files changed, 0 insertions, 0 deletions
