CVE-2019-3500
Published
CVSS v3
7.8
HIGH
CVSS v2
2.1
LOW
Affected
1
PROJECT
Description
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
aria2 is a lightweight multi-protocol & multi-source, cross platform download utility operated in command-line. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink.
GitHub