ALPINE-CVE-2013-4407
- Source
- https://security.alpinelinux.org/vuln/CVE-2013-4407
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2013-4407.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALPINE-CVE-2013-4407
- Upstream
- Published
- 2013-11-23T18:55:04.657Z
- Modified
- 2025-11-19T05:58:26.542030Z
- Summary
- [none]
- Details
-
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
- References
Affected packages
Alpine:v3.16 / perl-http-body
Package
- Name
- perl-http-body
- Purl
- pkg:apk/alpine/perl-http-body?arch=source
Alpine:v3.17 / perl-http-body
Package
- Name
- perl-http-body
- Purl
- pkg:apk/alpine/perl-http-body?arch=source
Alpine:v3.18 / perl-http-body
Package
- Name
- perl-http-body
- Purl
- pkg:apk/alpine/perl-http-body?arch=source