Red Hat Security Advisory 2018-3052-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include cookie injection.
f5975ea258c2fe6852d1deedd5e06ccabe1785b100792ed5ddc73c11e571d15a
Gentoo Linux Security Advisory 201806-1 - A vulnerability in GNU Wget could allow arbitrary cookies to be injected. Versions less than 1.19.5 are affected.
f98051cfe0e234d3b7f35e0d75a1b8a3b1b70161f829b8570cd7176b4985ee28
Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
ba3566c850ccf6c48ef0a37ff6c74078360e399ea9e44e131be4d6357ee2d852
Ubuntu Security Notice 3643-2 - USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.
2baa914e2be3c4ec3d77cc267df8d63b6e6846eb6c6eef59e5a355c709834908
Ubuntu Security Notice 3643-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.
ecfcf061117b86f26fc3ca56b8d318d370404b541e43650c789354a123064194
Debian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.
a130e31b5d2e0a9bceae5d50afd56c7094c26cc99c1a05fbf1b6baf0f5a455ca
GNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.
b72d6af0b5fe5fde5c7651980f119d80e8e2748eee305bde3f06e6b5d7c00dd2