Http-body Project : Security Vulnerabilities, CVEs,
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
Max CVSS
6.8
EPSS Score
1.55%
Published
2013-11-23
Updated
2024-04-12
1 vulnerabilities found