The JFrog Security Research Team has posted about this vulnerability in:
https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/
They say:
"The vulnerability, later assigned CVE-2024-10524, may lead to various types of
attacks – including phishing, SSRF, and MiTM. These attacks can

Severity: moderate
Affected versions:
- Apache Kafka Clients 2.3.0 through 3.5.2
- Apache Kafka Clients 3.6.0 through 3.6.2
- Apache Kafka Clients 3.7.0 through 3.7.1
Description:
Files or Directories Accessible to External Parties, Improper Privilege
Management vulnerability in Apache Kafka C

Severity: important
Affected versions:
- Apache Tomcat 11.0.0
- Apache Tomcat 10.1.31
- Apache Tomcat 9.0.96
Description:
Incorrect object recycling and reuse vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.
Users are recommended to upgrade to versio

Severity: important
Affected versions:
- Apache Tomcat 11.0.0-M23 through 11.0.0-M26
- Apache Tomcat 10.1.27 through 10.1.30
- Apache Tomcat 9.0.92 through 9.0.95
Description:
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat.
Incorrect recycling of the request and respons

Severity: low
Affected versions:
- Apache Tomcat 11.0.0-M1 through 11.0.0-M26
- Apache Tomcat 10.1.0-M1 through 10.1.30
- Apache Tomcat 9.0.0-M1 through 9.0.95
Description:
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is
configured to use a custom Jakarta Authentication