CVE-2021-31879:
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different...
CVSS Score: 6.1
Miggo AI Root Cause Analysis
The vulnerability CVE-2021-31879 in GNU Wget allows the Authorization header to be forwarded to a different origin (specifically, a different port on the same host) upon an HTTP redirect. I analyzed the commit 05530454940513c03561503eb916395216559758 from the Wget git repository, which addresses this issue. The commit modifies the create_authorization_line function in src/http.c, the function that determines whether the Authorization header is included in a request. The patch adds a condition so that if the port differs on a redirect, the Authorization header is stripped by returning NULL. The pre-patch create_authorization_line is therefore the vulnerable function: it contained the flawed logic that led to the information disclosure. get_remote_file_headers calls create_authorization_line and is part of the vulnerable execution path when handling redirects, which makes it a relevant runtime indicator, but the core flaw lies in create_authorization_line's handling of header retention and stripping during a redirect to a different port on the same host and scheme. The patch explicitly adds the port_differs check to this function, ensuring the header is stripped under these conditions; this is direct evidence of the flaw's location and nature. The vulnerability exists because the function failed to remove the header when redirecting to a different port.