perl-http-body is vulnerable to Unrestricted File Upload. The vulnerability is due to improper handling of the uploaded file’s name, where the suffix of a temporary file is derived from the part of the name after the first “.” character, potentially allowing remote attackers to exploit subsequent behaviour assuming a well-formed suffix.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=13ac5b23c083bc56e32dd706ca02fca292bd2161
git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=cc75c886256f187cda388641931e8dafad6c2346
git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git;a=commit;h=13ac5b23c083bc56e32dd706ca02fca292bd2161
git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git;a=commit;h=cc75c886256f187cda388641931e8dafad6c2346
lists.opensuse.org/opensuse-security-announce/2014-03/msg00018.html
www.debian.org/security/2013/dsa-2801
www.openwall.com/lists/oss-security/2024/04/07/1
metacpan.org/release/GETTY/HTTP-Body-1.23/
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/main.yaml
secdb.alpinelinux.org/v3.19/main.yaml
www.openwall.com/lists/oss-security/2024/04/07/1