Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (4)
| Vulnerability |
Summary |
Aliases |
|
VCID-4ntu-mvzh-eqh4
|
Multiple vulnerabilities were found in Bugzilla, the worst of which
leading to privilege escalation.
|
CVE-2010-2761
|
|
VCID-av9c-xkux-qqab
|
perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting
|
CVE-2010-4410
|
|
VCID-bmvq-9v68-zue4
|
Multiple vulnerabilities were found in Bugzilla, the worst of which
leading to privilege escalation.
|
CVE-2010-4411
|
|
VCID-ez1w-qcsf-zbgp
|
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters. As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks. The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete. Impact By injecting %0A (newline) into a query string parameter, an attacker can: * Break the current HTTP header * Inject a new header or entire body * Deliver a script payload that is reflected in the server’s response That can lead to the following attacks: * reflected XSS * open redirect * cache poisoning * header manipulation
|
CVE-2025-40927
|