CVE-2024-38428
CVE Details
Last Update
8/16/2024
NIST CVE Summary
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Our Official Summary
This is a critical severity vulnerability that affects any Wget version up to and including 1.24.5. wget parses URIs in a way that causes user information to be considered part of the host if it contains a semicolon. This means that the host part of the URI could be interpreted incorrectly and be abused by attackers who control the userinfo. The CVE is only exploitable when a vulnerable wget version is used in specific conditions. The risk of this vulnerability being exploited in Spectro Cloud products is low. A fix requires updates from the third-party vendor.
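A pre-flight check for the condition described above, as an added example that is not part of the original advisory or of Spectro Cloud's code: it tests whether a wget build falls in the affected range (through 1.24.5) and flags any URL whose userinfo contains a semicolon, so such URLs can be rejected before they reach wget. The function names and the sample inputs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Per the advisory: GNU Wget through 1.24.5 is affected.
LAST_AFFECTED = (1, 24, 5)


def wget_version_affected(version_output: str) -> bool:
    """True if the `wget --version` banner reports a version <= 1.24.5."""
    match = re.search(r"GNU Wget (\d+(?:\.\d+)*)", version_output)
    if match is None:
        raise ValueError("no GNU Wget version found in output")
    version = tuple(int(part) for part in match.group(1).split("."))
    version += (0,) * (len(LAST_AFFECTED) - len(version))  # 1.21 -> 1.21.0
    return version <= LAST_AFFECTED


def userinfo_of(url: str):
    """Return the userinfo subcomponent (RFC 3986), or None if absent."""
    authority = urlsplit(url).netloc
    userinfo, at_sign, _host = authority.rpartition("@")
    return userinfo if at_sign else None


def semicolon_in_userinfo(url: str) -> bool:
    """True when the URL has a semicolon in userinfo, the case the CVE covers."""
    userinfo = userinfo_of(url)
    return userinfo is not None and ";" in userinfo


def urls_to_reject(urls, version_output: str):
    """URLs that should not be handed to the local wget build."""
    if not wget_version_affected(version_output):
        return []
    return [u for u in urls if semicolon_in_userinfo(u)]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    banner = "GNU Wget 1.21.4 built on linux-gnu."
    candidates = [
        "https://downloads.example.com/pkg.tar.gz",
        "https://alice;tag@downloads.example.com/pkg.tar.gz",
        "https://downloads.example.com/a;b?x=1;y=2",
    ]
    for url in urls_to_reject(candidates, banner):
        print("reject:", url)
```

Semicolons in the path or query are left alone; only the userinfo subcomponent named in the CVE description is checked.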
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX 4.4.14, 4.4.18
- Palette Enterprise 4.4.18
Revision History
- 1.0 08/16/2024 Initial Publication
- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products