CVE-2016-4971
wget - security update
8.8
HIGH
CVSS 3.1
EPSS 73.8%
Description
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
How to fix CVE-2016-4971
To remediate CVE-2016-4971, upgrade the affected package to a fixed version below.
- Alpine/wget—upgrade to 1.17.1-r1 or later
- Debian/wget—upgrade to 1.18-1 or later
- —upgrade to 1.13.4-3+deb7u3 or later
Is CVE-2016-4971 being exploited?
Likely — EPSS is 73.8%, placing CVE-2016-4971 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- from 0, < 1.17.1-r1
- from 0, < 1.18-1
- from 0, < 1.13.4-3+deb7u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |