Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: perl5Packages.Starlet

Found 1 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-40561
updated an hour ago by @LeSuisse Activity log
  • Created suggestion 10 hours ago
  • @LeSuisse ignored reference https://d… 2 hours ago
  • @LeSuisse ignored
    20 packages
    • xmlstarlet
    • python312Packages.starlette
    • python313Packages.starlette
    • python314Packages.starlette
    • python312Packages.sse-starlette
    • python312Packages.starlette-wtf
    • python313Packages.sse-starlette
    • python313Packages.starlette-wtf
    • python314Packages.sse-starlette
    • python314Packages.starlette-wtf
    • python312Packages.starlette-admin
    • python313Packages.starlette-admin
    • python314Packages.starlette-admin
    • python312Packages.starlette-context
    • python313Packages.starlette-context
    • python314Packages.starlette-context
    • perl538Packages.Starlet
    • python314Packages.starlette-compress
    • python313Packages.starlette-compress
    • python312Packages.starlette-compress
    2 hours ago
  • @LeSuisse restored package perl538Packages.Starlet 2 hours ago
  • @LeSuisse accepted 2 hours ago
  • @LeSuisse published on GitHub an hour ago
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

Affected products

Starlet
  • =<0.31

Matching in nixpkgs

Ignored packages (19)

pkgs.xmlstarlet

Command line tool for manipulating and querying XML data