You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.
This is a security issue for wget because they didn't require a flag for this action like curl does. I agree we should strip off the credentials when storing the url but the security impact of the current behavior is not like the wget CVE.
On 2 Jan 2019, at 10:14, Daniel Stenberg ***@***.***> wrote:
This is a security issue for wget because they didn't require a flag for this action like curl does. I agree we should strip off the credentials when storing the url but the security impact of the current behavior is not like the wget CVE.
Unless someone is interested in hacking on this now, I suggest that we add this to the TODO.
https://nvd.nist.gov/vuln/detail/CVE-2018-20483 contains the relevant information, can be reproduced by:
The text was updated successfully, but these errors were encountered: