Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 786957 (CVE-2021-31879) - net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)
Summary: net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)
Alias: CVE-2021-31879
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [upstream?]
Depends on:
Reported: 2021-04-29 19:08 UTC by Sam James
Modified: 2021-11-02 16:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-04-29 19:08:26 UTC
"GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007."

See No reply from upstream though.
Comment 1 Larry the Git Cow gentoo-dev 2021-04-29 19:41:28 UTC Comment hidden (obsolete)
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2021-04-29 19:46:41 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:22:38 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:30:55 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:38:52 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 17:47:01 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:02:58 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:11:17 UTC Comment hidden (obsolete)
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-02 14:40:42 UTC seems to indicate it was fixed in 1.21.2 but I don't see another source for this yet.

I don't see a reference upstream.
Comment 10 Dongsu Park 2021-11-02 16:18:13 UTC
Thanks, you are right.
CVE-2021-31879 is indeed not fixed, according to .
We will continue following the issue in the future, and try to address correctly when there is news from the upstream wget.