14 matches found
Medium: perl-HTTP-Tiny
Issue Overview: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker w...
Medium: perl-HTTP-Tiny
Issue Overview: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker w...
Amazon Linux 2 : perl-HTTP-Tiny, --advisory ALAS2-2026-3326 (ALAS-2026-3326)
The version of perl-HTTP-Tiny installed on the remote host is prior to 0.033-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3326 advisory. HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The...
Amazon Linux 2023 : perl-HTTP-Tiny, perl-HTTP-Tiny-tests (ALAS2023-2026-1765)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1765 advisory. HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that...
Fedora 43 : perl-HTTP-Tiny (2026-3bfb774625)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3bfb774625 advisory. 0.094 - fix to prevent invalid characters in all headers, and prevent header smuggling CVE-2026-7010 Tenable has extracted the preceding description block...
Fedora 44 : perl-HTTP-Tiny (2026-703a749924)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-703a749924 advisory. 0.094 - fix to prevent invalid characters in all headers, and prevent header smuggling CVE-2026-7010 Tenable has extracted the preceding description block...
openSUSE 16 Security Update : perl-HTTP-Tiny (openSUSE-SU-2026:20792-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20792-1 advisory. Changes in perl-HTTP-Tiny: - updated to 0.094 0.094 - No changes from 0.093-TRIAL 0.093 - fix to prevent invalid characters in all headers, and prevent...
OPENSUSE-SU-2026:20792-1 Security update for perl-HTTP-Tiny
This update for perl-HTTP-Tiny fixes the following issues: Changes in perl-HTTP-Tiny: - updated to 0.094 0.094 - No changes from 0.093-TRIAL 0.093 - fix to prevent invalid characters in all headers, and prevent header smuggling CVE-2026-7010 bsc1264992 - updated to 0.092 0.092 - No changes from...
OESA-2026-2374 perl-HTTP-Tiny security update
This is a very simple HTTP/1.1 client, designed for doing simple requests without the overhead of a large framework like LWP::UserAgent. Security Fixes: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are...
OESA-2026-2373 perl-HTTP-Tiny security update
This is a very simple HTTP/1.1 client, designed for doing simple requests without the overhead of a large framework like LWP::UserAgent. Security Fixes: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are...
perl-HTTP-Tiny-0.094-1.1 on GA media (moderate)
perl-HTTP-Tiny-0.094-1.1 on GA media Announcement ID: openSUSE-SU-2026:10805-1 Rating: moderate Cross-References: CVE-2026-7010 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
Updated perl-HTTP-Tiny packages fix security vulnerability
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. CVE-2026-7010...
CVE-2026-7010
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...
CVE-2026-7010
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...