libhttp-daemon-per is vulnerable to HTTP request smuggling. The vulnerability exists because most Perl based applications are served on top of Nginx or Apache, not on the HTTP::Daemon which allows an attacker to gain privileged access to APIs or poison intermediate caches.
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-31081
metacpan.org/release/HTTP-Daemon/
cwe.mitre.org/data/definitions/444.html
datatracker.ietf.org/doc/html/rfc7230#section-9.5
github.com/libwww-perl/HTTP-Daemon/commit/8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0
github.com/libwww-perl/HTTP-Daemon/commit/e84475de51d6fd7b29354a997413472a99db70b2
github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf
lists.debian.org/debian-lts-announce/2022/09/msg00038.html
lists.fedoraproject.org/archives/list/[email protected]/message/7U4XEPZ5Q3LNOQF3E6EXFWVSEXU5IZ6T/
lists.fedoraproject.org/archives/list/[email protected]/message/ECJ4ZPBQWD3B2CD6RRIVMENB5KUOJ3LC/
lists.fedoraproject.org/archives/list/[email protected]/message/XQBW2D43TDNYX4R2YBTNNZDBNZ45DINN/
portswigger.net/research/http-desync-attacks-request-smuggling-reborn