MidnightBSD

Advisories for http-body_project

CVE-2013-4407 MEDIUM

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
http-body_project http-body 0.03
http-body_project http-body 1.12
http-body_project http-body 1.05
http-body_project http-body 1.08
http-body_project http-body 1.02
http-body_project http-body 1.03
http-body_project http-body *
http-body_project http-body 1.07
http-body_project http-body 0.2
http-body_project http-body 0.5
http-body_project http-body 1.14
http-body_project http-body 0.01
http-body_project http-body 1.04
http-body_project http-body 1.15
http-body_project http-body 0.7
http-body_project http-body 1.00
http-body_project http-body 1.01
http-body_project http-body 0.6
http-body_project http-body 0.8
http-body_project http-body 1.06
http-body_project http-body 1.09
http-body_project http-body 1.16
http-body_project http-body 0.4
http-body_project http-body 0.9
http-body_project http-body 1.11
http-body_project http-body 1.10