What is the severity of CVE-2024-10524?

CVE-2024-10524 is considered a significant vulnerability due to potential data exposure through remote resource access with crafted URLs.

How do I fix CVE-2024-10524?

To fix CVE-2024-10524, ensure you update Wget to the latest version where this vulnerability has been patched by the maintainers.

Who is affected by CVE-2024-10524?

CVE-2024-10524 affects any applications that utilize Wget to access remote resources with shorthand URLs that involve arbitrary user credentials.

What types of attacks can be performed using CVE-2024-10524?

Using CVE-2024-10524, attackers can exploit the vulnerability to access arbitrary hosts by crafting malicious credentials in the URL.

Is CVE-2024-10524 easy to exploit?

Yes, CVE-2024-10524 can be easily exploited by attackers who are knowledgeable about how Wget processes URLs with user credentials.

Vulnerability/
CVE-2024-10524

medium

6.5

CWE

918

18/11/2024

19/11/2024

21/11/2024

CVE-2024-10524: GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

First published: Mon Nov 18 2024(Updated: )

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.

Credit: reefs@jfrog.com

Affected Software	Affected Version	How to fix
Wget

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-10524?
CVE-2024-10524 is considered a significant vulnerability due to potential data exposure through remote resource access with crafted URLs.
How do I fix CVE-2024-10524?
To fix CVE-2024-10524, ensure you update Wget to the latest version where this vulnerability has been patched by the maintainers.
Who is affected by CVE-2024-10524?
CVE-2024-10524 affects any applications that utilize Wget to access remote resources with shorthand URLs that involve arbitrary user credentials.
What types of attacks can be performed using CVE-2024-10524?
Using CVE-2024-10524, attackers can exploit the vulnerability to access arbitrary hosts by crafting malicious credentials in the URL.
Is CVE-2024-10524 easy to exploit?
Yes, CVE-2024-10524 can be easily exploited by attackers who are knowledgeable about how Wget processes URLs with user credentials.

collector/oss-sec
source/oss-sec
alias/CVE-2024-10524
agent/first-publish-date
agent/weakness
agent/title
agent/description
agent/type
agent/author
agent/severity
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
agent/references
collector/mitre-cve
source/MITRE
agent/trending
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gnu
canonical/wget

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.