{"id":"MGASA-2019-0015","summary":"Updated wget packages fix security vulnerability","details":"Since version 1.19 Wget stores the URL and in certain cases the\n'Referer' URL within extended attributes (xattrs) of the file system\n- by default.\nThis includes username + password and other credentials or private data\n*if* those have been used within the URLs. Anyone with read access to\nthose files might also read the xattrs and might use the data.\nWget 1.20.1 or higher will not use xattrs by default any more. To enable\nit again you have to use the --xattr option or xattr command for .wgetrc\nfiles. (CVE-2018-20483)\n","modified":"2026-02-01T21:36:41.148165Z","published":"2019-01-05T21:49:27Z","related":["CVE-2018-20483"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0015.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24109"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2019/01/01/1"}],"affected":[{"package":{"name":"wget","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/wget?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.1-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0015.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}