MGASA-2026-0149

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0149.html

Import Source

https://advisories.mageia.org/MGASA-2026-0149.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0149

Upstream

CVE-2026-8612

Published

2026-05-18T19:12:53Z

Modified

2026-05-18T19:15:07.134542Z

Summary

Updated perl-WWW-Mechanize-Cached, perl-File-XDG & perl-Path-Tiny packages fix security vulnerabilities

Details

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / perl-WWW-Mechanize-Cached

Package

Name: perl-WWW-Mechanize-Cached
Purl: pkg:rpm/mageia/perl-WWW-Mechanize-Cached?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0149.json"

Mageia:9 / perl-Path-Tiny

Package

Name: perl-Path-Tiny
Purl: pkg:rpm/mageia/perl-Path-Tiny?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.150.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0149.json"

Mageia:9 / perl-File-XDG

Package

Name: perl-File-XDG
Purl: pkg:rpm/mageia/perl-File-XDG?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.30.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0149.json"