MGASA-2026-0119

Source
https://advisories.mageia.org/MGASA-2026-0119.html
Import Source
https://advisories.mageia.org/MGASA-2026-0119.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0119
Upstream
  • CVE-2026-40560
Published
2026-05-07T05:06:13Z
Modified
2026-05-07T05:15:18.593348Z
Summary
Updated perl-Starman packages fix security vulnerability
Details

Starman versions before 0.4018 for Perl allow HTTP request smuggling via improper header precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230, Section 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

References
Credits

Affected packages

Mageia:9 / perl-Starman

Package

Name
perl-Starman
Purl
pkg:rpm/mageia/perl-Starman?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.401.800-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0119.json"