CVE-2013-4407

Priority
Description
HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for
Perl uses the part of the uploaded file's name after the first "."
character as the suffix of a temporary file, which makes it easier for
remote attackers to conduct attacks by leveraging subsequent behavior that
may assume the suffix is well-formed.
Notes
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [1.19-1])
More Information

Updated: 2020-09-10 02:46:39 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)