HTTP-Daemon Security Advisories - Cpan | Ecosyste.ms: Advisories

HTTP-Daemon

A simple http server class

View on github.com · View on metacpan.org

Security Advisories for HTTP-Daemon in cpan

22 days ago

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' ... CPANSA-HTTP-Daemon-2026-8450

cpan HTTP-Daemon

Moderate

almost 4 years ago

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks ... CPANSA-HTTP-Daemon-2022-31081

cpan HTTP-Daemon

Filter by Severity