wget | Discard "Authentication" and "Cookie" header (!42)

wget-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

wget | Discard "Authentication" and "Cookie" header (!42)

From:	Valentin LEFEBVRE (@keentux)
Subject:	wget \| Discard "Authentication" and "Cookie" header (!42)
Date:	Wed, 04 Dec 2024 17:23:37 +0000


Valentin LEFEBVRE created a merge request: 
https://gitlab.com/gnuwget/wget/-/merge_requests/42

Project:Branches: keentux/wget:CVE-2021-31879 to gnuwget/wget:master
Author:   Valentin LEFEBVRE




If wget for an http URL is redirected to a different site (hostname
parts of URLs differ), then any "Authenticate" and "Cookie" header
entries are discarded.
Fix CVE-2021-31879
Fix #5 

credit to @jmoellers

Signed-off-by: vlefebvre <valentin.lefebvre@suse.com>

-- 
Reply to this email directly or view it on GitLab: 
https://gitlab.com/gnuwget/wget/-/merge_requests/42
You're receiving this email because of your account on gitlab.com.

[Prev in Thread]

Current Thread

[Next in Thread]

wget | Discard "Authentication" and "Cookie" header (!42), Valentin LEFEBVRE (@keentux) <=

Prev by Date: Re: wget2 | Bad typecast `(size_t *) &config.chunk_size` to `(long long *)` (#684)
Next by Date: Re: wget2 | Metalink ignores -O (#685)
Previous by thread: Re: wget2 | Bad typecast `(size_t *) &config.chunk_size` to `(long long *)` (#684)
Next by thread: Re: wget2 | Metalink ignores -O (#685)
Index(es):
- Date
- Thread