vulnerability

Arch Linux: Information disclosure (CVE-2021-31879)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Apr 29, 2021	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Apr 29, 2021

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.

Solution

arch-linux-upgrade-latest

References

CVE-2021-31879
https://attackerkb.com/topics/CVE-2021-31879
URL-https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
URL-https://security.netapp.com/advisory/ntap-20210618-0002/
CWE-601

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today