CNNVD-202508-3636 Information
CNNVD ID
CNNVD-202508-3636
Related CVE
- CNNVD Published: 2025-08-29
Description (Chinese)
MetaCPAN CGI::Simple是MetaCPAN基金会的一个Perl的模块。 MetaCPAN CGI::Simple 1.282之前版本存在安全漏洞,该漏洞源于HTTP响应拆分,可能导致反射型跨站脚本或开放重定向。
Description (English)
MetaCPAN CGI: :Simple is a Perl module of the MetaCPAN Foundation. There was a security loophole in the previous version of MetaCPAN CGI: :Simple 1.282, which originated from the HTTP response splits, which could lead to reflective cross-site scripts or open redirection.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
MetaCPAN
Published
2025-08-29
Last Modified
2026-02-24
References
https://rt.perl.org/Public/Bug/Display.html?id=21951 https://owasp.org/www-community/attacks/HTTP_Response_Splitting https://metacpan.org/release/MANWAR/CGI-Simple-1.281/source/lib/CGI/Simple.pm#L1031-1035 https://metacpan.org/release/MANWAR/CGI-Simple-1.281/diff/MANWAR/CGI-Simple-1.282/lib/CGI/Simple.pm https://datatracker.ietf.org/doc/html/rfc7230#section-3 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2320 https://nvd.nist.gov/vuln/detail/CVE-2025-40927 https://vigilance.fr/vulnerability/Perl-CGI-Simple-header-injection-via-CRLF-48138
Patch
https://metacpan.org/release/MANWAR/CGI-Simple-1.281/diff/MANWAR/CGI-Simple-1.282/lib/CGI/Simple.pm
Share on: