Nixpkgs security tracker

Login with GitHub

Suggestions search

Published

Filter by:

With package: perlPackages.Starman

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-40560

updated 12 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored
4 packages
- perlPackages.CatalystXScriptServerStarman
- perl5Packages.CatalystXScriptServerStarman
- perl538Packages.CatalystXScriptServerStarman
- perl540Packages.CatalystXScriptServerStarman
12 hours ago
@LeSuisse ignored reference https://d… 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

References

Ignored references (1)

https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3

Affected products

Starman

<0.4018

Matching in nixpkgs

pkgs.perlPackages.Starman

High-performance preforking PSGI/Plack web server

nixos-unstable 0.4017
- nixpkgs-unstable 0.4017
- nixos-unstable-small 0.4017
nixos-25.11 0.4017
- nixos-25.11-small 0.4017
- nixpkgs-25.11-darwin 0.4017

pkgs.perl5Packages.Starman

High-performance preforking PSGI/Plack web server

nixos-unstable 0.4017
- nixpkgs-unstable 0.4017
- nixos-unstable-small 0.4017

pkgs.perl538Packages.Starman

High-performance preforking PSGI/Plack web server

nixos-25.11 0.4017
- nixos-25.11-small 0.4017
- nixpkgs-25.11-darwin 0.4017

pkgs.perl540Packages.Starman

High-performance preforking PSGI/Plack web server

nixos-25.11 0.4017
- nixos-25.11-small 0.4017
- nixpkgs-25.11-darwin 0.4017

Ignored packages (4)

pkgs.perlPackages.CatalystXScriptServerStarman

Replace the development server with Starman

nixos-unstable 0.03
- nixpkgs-unstable 0.03
- nixos-unstable-small 0.03
nixos-25.11 0.03
- nixos-25.11-small 0.03
- nixpkgs-25.11-darwin 0.03

pkgs.perl5Packages.CatalystXScriptServerStarman

Replace the development server with Starman

nixos-unstable 0.03
- nixpkgs-unstable 0.03
- nixos-unstable-small 0.03

pkgs.perl538Packages.CatalystXScriptServerStarman

Replace the development server with Starman

nixos-25.11 0.03
- nixos-25.11-small 0.03
- nixpkgs-25.11-darwin 0.03

pkgs.perl540Packages.CatalystXScriptServerStarman

Replace the development server with Starman

nixos-25.11 0.03
- nixos-25.11-small 0.03
- nixpkgs-25.11-darwin 0.03

1