VYPR
Unrated severityNVD Advisory· Published Jul 6, 2010· Updated Jun 16, 2026

CVE-2010-2252

CVE-2010-2252

Description

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

20
  • GNU/Wget19 versions
    cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*range: <=1.12
    • cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.11.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*
    • (no CPE)range: <=1.12

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.