VYPR

rpm package

almalinux/perl-HTTP-Daemon

pkg:rpm/almalinux/perl-HTTP-Daemon

Vulnerabilities (1)

  • CVE-2026-8450CriMay 27, 2026
    affected < 6.12-6.el9_8.1fixed 6.12-6.el9_8.1

    HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path