All Products
Document Center

[Vulnerability notice] CVE-2014-4877: Wget FTP soft link attack vulnerability

Last Updated: Apr 02, 2018

Vulnerability description

Wget was reported to have a security vulnerability CVE-2014-4877. When Wget is used for recursion download of an FTP site, attackers can craft a malicious symlink file to trigger the vulnerability. Then, the attackers can create arbitrary files, directories, or symlinks and set access permissions in the Wget user system.

How to fix

Upgrade Wget to 1.16 or a later version through the official channel.