Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.
{ "binaries": [ { "binary_name": "wget", "binary_version": "1.15-1ubuntu1.14.04.2" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "wget", "binary_version": "1.17.1-1ubuntu1.1" } ], "availability": "No subscription required" }