2 matches found
CVE-2026-14741
CVE-2026-14741 affects the Perl module HTTP::Date (versions before 6.08). The vulnerability arises in parse_date() where a chain of alternative regexes with unbounded quantifiers, combined with a trailing \s*$, can trigger polynomial (≈quadratic) backtracking in the date parser invoked by str2tim...
EUVD-2026-45190
HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parsedate. parsedate matches the date string against a chain of alternative regexes, and str2time delegates to it. Several of these patterns place unbounded quantifiers next to each other before a...