A critical vulnerability, CVE-2024-38428, affecting GNU's widely-used Wget tool was identified and disclosed in June 2024, with a CVSS score of 9.1, indicating a high risk of exploitation. This vulnerability arises from the improper parsing of URLs containing semicolons in the userinfo segment, which can lead to misinterpretation of the host segment, potentially allowing attackers to redirect requests to malicious domains and execute attacks such as phishing, SSRF, and man-in-the-middle. Affected versions include all up to and including 1.24.5, and while a fixed version was not available at the time of publication, some Linux distributions had already provided patches. Mitigation strategies include preventing semicolons in the userinfo part of a URI or restricting user-provided data in this segment. The JFrog DevOps Platform has confirmed it is not vulnerable to this issue, and the JFrog Security Research team continues to monitor and report on such vulnerabilities.