perl-HTTP-Daemon-6.01-24.el8_10
エラータID: AXSA:2026-1220:01
The perl-HTTP-Daemon package includes the [HTTP::Daemon](HTTP::Daemon) class, a subclass of IO::Socket::IP. Instances of the [HTTP::Daemon](HTTP::Daemon) class are HTTP/1.1 servers that listen on a socket for incoming requests.
Security Fix(es):
* perl-HTTP-Daemon: [HTTP::Daemon:](HTTP::Daemon:) Arbitrary code execution via OS command injection in send_file() (CVE-2026-8450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-8450
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path for write or append. Untrusted input passed to send_file() can run OS commands at the daemon process UID. The read-pipe form ('cmd |') also leaks subprocess stdout into the HTTP response body. The write-mode forms can create or truncate files at attacker chosen paths.
Update packages.
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path for write or append. Untrusted input passed to send_file() can run OS commands at the daemon process UID. The read-pipe form ('cmd |') also leaks subprocess stdout into the HTTP response body. The write-mode forms can create or truncate files at attacker chosen paths.
N/A
SRPMS
- perl-HTTP-Daemon-6.01-24.el8_10.src.rpm
MD5: 8b63bb3d0ca27414c9e58d60d9512a2b
SHA-256: 311482dc6a46759a1eab9a5f9e97de1ac30cfdaa00b17afab69fbb225730e313
Size: 38.26 kB
Asianux Server 8 for x86_64
- perl-HTTP-Daemon-6.01-24.el8_10.noarch.rpm
MD5: 4cc7a20c219414e4d46f6282630b013b
SHA-256: 260b00e290376002571a71d52ef87602fd25daa5e9a8bd168fd7aa8108e1a4ad
Size: 26.82 kB