HTTP::Daemon versions before 6.17 for Perl contain an OS command injection vulnerability in the send_file() function. The function uses Perl's two-argument open() with untrusted input, enabling attackers to execute arbitrary commands via pipe prefixes ('| cmd', 'cmd |'), create or truncate files via write-mode prefixes ('> path', '>> path'), and potentially leak subprocess output into HTTP responses.
WWW::Mechanize::Cached versions before 2.00 for Perl use a world-writable on-disk cache that deserializes cached HTTP responses via Storable::thaw, enabling local attackers to forge responses and potentially achieve code execution. The default Cache::FileCache backend creates directories under /tmp/FileCache with mode 0777 and no sticky bit, allowing any local user to modify cache entries. An attacker can [truncated]
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are sent unchanged to the redirect target, including across scheme, host, or port changes. A redirect to an attacker [truncated]