Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 74.3%.
Path Traversal
RCE
Wget
NVD
GitHub
CVSS 2.0
9.3
EPSS
74.3%
Threat
5.6