The wget client version is vulnerable to arbitrary code execution.
GNU Wget contains a flaw that is triggered when handling server redirects to FTP resources, as the destination filename is obtained from the redirected URL and not original URL. With a specially crafted response, a context-dependent attacker may cause another filename to be used than intended, effectively allowing the attacker to execute arbitrary code.
It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.