CVE-2021-31879 log

Severity Medium
Remote Yes
Type Information disclosure
A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.
Group Package Affected Fixed Severity Status Ticket
AVG-1892 wget 1.21.3-1 Medium Vulnerable
related issue to CVE-2018-1000007

Use `--max-redirect 0` when the request contains Authorization header to prevent wget to redirect the request.