VYPR

rpm package

opensuse/perl-HTTP-Daemon&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/perl-HTTP-Daemon&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2026-8450CriMay 27, 2026
    affected < 6.170.0-1.1fixed 6.170.0-1.1

    HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path

  • CVE-2022-31081Jun 27, 2022
    affected < 6.14-2.1fixed 6.14-2.1

    HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applica