VYPR

rpm package

suse/perl-HTTP-Daemon&distro=SUSE Linux Enterprise Server 15 SP4-LTSS

pkg:rpm/suse/perl-HTTP-Daemon&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS

Vulnerabilities (1)

  • CVE-2026-8450CriMay 27, 2026
    affected < 6.01-150000.3.8.1fixed 6.01-150000.3.8.1

    HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path