rpm package
almalinux/perl-HTTP-Daemon
pkg:rpm/almalinux/perl-HTTP-Daemon
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-8450 | Cri | 9.1 | < 6.12-6.el9_8.1 | 6.12-6.el9_8.1 | May 27, 2026 | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path |
- affected < 6.12-6.el9_8.1fixed 6.12-6.el9_8.1
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path