Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: perlPackages.Starlet

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-40561
updated 3 hours ago by @LeSuisse Activity log
  • Created suggestion 11 hours ago
  • @LeSuisse ignored reference https://d… 3 hours ago
  • @LeSuisse ignored
    20 packages
    • xmlstarlet
    • python312Packages.starlette
    • python313Packages.starlette
    • python314Packages.starlette
    • python312Packages.sse-starlette
    • python312Packages.starlette-wtf
    • python313Packages.sse-starlette
    • python313Packages.starlette-wtf
    • python314Packages.sse-starlette
    • python314Packages.starlette-wtf
    • python312Packages.starlette-admin
    • python313Packages.starlette-admin
    • python314Packages.starlette-admin
    • python312Packages.starlette-context
    • python313Packages.starlette-context
    • python314Packages.starlette-context
    • perl538Packages.Starlet
    • python314Packages.starlette-compress
    • python313Packages.starlette-compress
    • python312Packages.starlette-compress
    3 hours ago
  • @LeSuisse restored package perl538Packages.Starlet 3 hours ago
  • @LeSuisse accepted 3 hours ago
  • @LeSuisse published on GitHub 3 hours ago
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

Affected products

Starlet
  • =<0.31

Matching in nixpkgs

Ignored packages (19)

pkgs.xmlstarlet

Command line tool for manipulating and querying XML data