A CRLF injection flaw was found in the way wget handled URLs. A remote attacker could use this flaw to inject arbitrary HTTP headers in requests, via CRLF sequences in the host sub-component of a URL, by tricking a user running wget into processing crafted URLs.
CRLF injection vulnerability in the url_parse function in url.c in Wget through allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
Created wget tracking bugs for this issue:
Affects: fedora-all [bug 1429986]