rpm package
suse/perl-HTTP-Daemon&distro=SUSE Linux Enterprise Server 15 SP6-LTSS
pkg:rpm/suse/perl-HTTP-Daemon&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-8450 | Cri | 9.1 | < 6.01-150000.3.8.1 | 6.01-150000.3.8.1 | May 27, 2026 | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path |
- affected < 6.01-150000.3.8.1fixed 6.01-150000.3.8.1
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path