CPAN · HTTP::Daemon · CVE-2026-8450
**Name of the Vulnerable Software and Affected Versions**
HTTP::Daemon versions prior to 6.17
**Description**
OS command injection is possible through the `send_file()` function. `send_file()` opens its argument with Perl's 2-arg open(), which interprets magic prefixes in the filename string. Specifically, prefixes like '| cmd' and 'cmd |' open a pipe to a subprocess, while '> path' and '>> path' open a path for writing or appending. If untrusted input is passed to `send_file()`, OS commands can be executed with the daemon process UID. Additionally, the read-pipe form ('cmd |') can leak subprocess stdout into the HTTP response body, and write-mode forms can create or truncate files at paths chosen by an attacker.
**Recommendations**
Update to version 6.17 or later.
As a temporary workaround, restrict or avoid passing untrusted input to the `send_file()` function.
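One way to apply the workaround on versions before 6.17, shown as an added example that is not code from HTTP::Daemon or from this advisory: open the file yourself with 3-arg open and hand `send_file()` the filehandle, which it accepts in place of a filename string. The helper name `open_static`, the temporary document root and the sample names are assumptions constructed for illustration, and the path check assumes POSIX separators.

```perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper (not part of HTTP::Daemon): resolve an untrusted
# name under $docroot and open it read-only with 3-arg open, so '|',
# '>' and '>>' in the name are literal filename bytes, never a mode.
sub open_static {
    my ($docroot, $name) = @_;
    return if !defined $name || $name =~ /\0/;
    my $root = realpath($docroot) or return;
    # realpath resolves '..' and symlinks; eval guards platforms where it dies
    my $path = eval { realpath(File::Spec->catfile($root, $name)) };
    return unless defined $path && -f $path;      # existing regular file only
    return unless index($path, "$root/") == 0;    # must stay inside docroot
    open(my $fh, '<', $path) or return;           # explicit read mode
    binmode $fh;
    return $fh;
}

# Constructed demo: a temporary docroot holding one file, probed with the
# prefix forms listed in the description plus a traversal attempt.
my $docroot = tempdir(CLEANUP => 1);
open(my $out, '>', "$docroot/index.html") or die "setup failed: $!";
print {$out} "<h1>ok</h1>\n";
close $out;

for my $name ('index.html', '../index.html', '| cmd', 'cmd |',
              '> index.html', '>> index.html') {
    my $fh = open_static($docroot, $name);
    printf "%-18s %s\n", "'$name'", $fh ? 'served' : 'rejected';
    close $fh if $fh;
}
print "index.html intact: ", (-s "$docroot/index.html" ? "yes" : "no"), "\n";

# In a connection handler ($c is an HTTP::Daemon::ClientConn), pass the
# handle instead of the untrusted string:
#   my $fh = open_static($docroot, $untrusted)
#       or return $c->send_error(404);
#   $c->send_file($fh);
```

Only `index.html` is served; every other name is rejected before any open is attempted, and the existing file is not truncated.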