HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 up to and including 1.22, prior to 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote malicious users to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
http-body project http-body 1.05 |
||
http-body project http-body 1.01 |
||
http-body project http-body 0.2 |
||
http-body project http-body 0.9 |
||
http-body project http-body |
||
http-body project http-body 0.8 |
||
http-body project http-body 0.5 |
||
http-body project http-body 1.12 |
||
http-body project http-body 1.04 |
||
http-body project http-body 1.10 |
||
http-body project http-body 1.02 |
||
http-body project http-body 0.4 |
||
http-body project http-body 1.08 |
||
http-body project http-body 0.6 |
||
http-body project http-body 0.03 |
||
http-body project http-body 1.14 |
||
http-body project http-body 1.07 |
||
http-body project http-body 1.15 |
||
http-body project http-body 1.00 |
||
http-body project http-body 0.7 |
||
http-body project http-body 1.09 |
||
http-body project http-body 1.11 |
||
http-body project http-body 1.06 |
||
http-body project http-body 0.01 |
||
http-body project http-body 1.03 |
||
http-body project http-body 1.16 |