url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

Related CVEs

CVE-2024-38428

Key Information

GHSA ID

GHSA-2j66-vp53-phjj

Published

June 16, 2024 3:30 AM

Last Modified

April 21, 2025 12:30 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 10, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.