CVE-2024-10524
6.5
MEDIUM
CVSS 3.1
EPSS 0.59%
Description
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
How to fix CVE-2024-10524
To remediate CVE-2024-10524, upgrade the affected package to a fixed version below.
- Alpine/wget—upgrade to 1.25.0-r0 or later
- —no fix listed
Is CVE-2024-10524 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.25.0-r0
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L |