Wget Flaw Patched

“It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP,” developer Vasyl Kaigorodov wrote in a Red Hat Bugzilla comment.

The flaw was actually first reported to the GNU Wget project by HD Moore, chief research officer at Rapid 7. The vulnerability has now also been publicly identified as CVE-2014-4877.