VYPR

rpm package

suse/perl-HTTP-Daemon&distro=SUSE Linux Enterprise Server 16.0

pkg:rpm/suse/perl-HTTP-Daemon&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Vulnerabilities (1)

  • CVE-2026-8450CriMay 27, 2026
    affected < 6.16-160000.3.1fixed 6.16-160000.3.1

    HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path