CGI 3.53
Security Advisories
CVE-2012-5526
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
- http://www.securityfocus.com/bid/56562
- http://www.openwall.com/lists/oss-security/2012/11/15/6
- https://github.com/markstos/CGI.pm/pull/23
- http://www.securitytracker.com/id?1027780
- http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
- http://secunia.com/advisories/51457
- http://www.ubuntu.com/usn/USN-1643-1
- http://www.debian.org/security/2012/dsa-2586
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/55314
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
Fixed version: >=3.63
Reported: 2012-11-21
CVE-2011-2766
Usage of deprecated FCGI.pm API.
- https://rt.cpan.org/Public/Bug/Display.html?id=68380
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766
Fixed version: >=3.56
Reported: 2011-11-08
Kwalitee Issues
- meta_yml_conforms_to_known_spec
Take a look at the META.yml Spec at https://metacpan.org/pod/CPAN::Meta::History::Meta_1_4 (for version 1.4) or https://metacpan.org/pod/CPAN::Meta::Spec (for version 2), and change your META.yml accordingly.
Error: Missing mandatory field, 'abstract' (abstract) [Validation: 1.4];value is an undefined string (abstract) [Validation: 1.4]
- distname_matches_name_in_meta
Use a proper tool to make a distribution. You might also need to fix META files if you keep them in the repository.
Error: CGI.pm
- has_human_readable_license
Add a section called "LICENSE" to the documentation, or add a file named LICENSE to the distribution.
- has_license_in_source_file
Add =head1 LICENSE and the text of the license to the main module in your code.
- use_strict
Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
Error: CGI, CGI::Apache, CGI::Carp, CGI::Push, CGI::Switch
- no_pod_errors
Remove the POD errors. You can check for POD errors automatically by including Test::Pod in your test suite.
Error: CGI.pm-3.53/lib/CGI.pm -- Around line 5546: Expected text after =item, not a number; Around line 5550: Expected text after =item, not a number; Around line 5554: Expected text after =item, not a number; Around line 6115: Expected text after =item, not a number; Around line 6119: Expected text after =item, not a number; Around line 6124: Expected text after =item, not a number; Around line 6129: Expected text after =item, not a number; Around line 6198: Expected text after =item, not a number; Around line 6202: Expected text after =item, not a number; Around line 6213: Expected text after =item, not a number; Around line 6218: Expected text after =item, not a number; Around line 6553: Expected text after =item, not a number; Around line 6559: Expected text after =item, not a number; Around line 6568: Expected text after =item, not a number; Around line 6572: Expected text after =item, not a number; Around line 6578: Expected text after =item, not a number; Around line 6584: Expected text after =item, not a number; Around line 6629: Expected text after =item, not a number; Around line 6637: Expected text after =item, not a number; Around line 6644: Expected text after =item, not a number; Around line 6722: Expected text after =item, not a number; Around line 6728: Expected text after =item, not a number; Around line 6733: Expected text after =item, not a number; Around line 6739: Expected text after =item, not a number; Around line 6779: Expected text after =item, not a number; Around line 6783: Expected text after =item, not a number; Around line 6791: Expected text after =item, not a number; Around line 6798: Expected text after =item, not a number; Around line 6803: Expected text after =item, not a number; Around line 6879: Expected text after =item, not a number; Around line 6885: Expected text after =item, not a number; Around line 6891: Expected text after =item, not a number; Around line 6940: Expected text after =item, not a number; Around line 6945: Expected text after =item, not a number; Around line 6983: Expected text after =item, not a number; Around line 6988: Expected text after =item, not a number
- has_meta_json
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- meta_yml_has_license
Define the license in Build.PL if you are using it. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- has_known_license_in_source_file
Add =head1 LICENSE and/or the proper text of the well-known license to the main module in your code.
- use_warnings
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: CGI, CGI::Apache, CGI::Carp, CGI::Fast, CGI::Pretty, CGI::Push, CGI::Switch, CGI::Util
- no_unauthorized_packages
Ask the owner of the distribution (the one who released it first, or the one who is designated in x_authority) to give you a (co-)maintainer's permission.
Error: MultipartBuffer
- consistent_version
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 1.01,1.05,1.08,1.30,3.46,3.51,3.53
- meta_yml_has_provides
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- has_separate_license_file
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
CGI | Handle Common Gateway Interface requests and responses | 3.53 | metacpan |
CGI::Apache | Backward compatibility module for CGI.pm | 1.01 | metacpan |
CGI::Carp | CGI routines for writing to the HTTPD (or other) error log | 3.51 | metacpan |
CGI::Cookie | Interface to HTTP Cookies | 1.30 | metacpan |
CGI::Fast | CGI Interface for Fast CGI | 1.08 | metacpan |
CGI::Pretty | module to produce nicely formatted HTML code | 3.46 | metacpan |
CGI::Push | Simple Interface to Server Push | 1.05 | metacpan |
CGI::Switch | Backward compatibility module for defunct CGI::Switch | 1.01 | metacpan |
CGI::Util | Internal utilities used by CGI module | 3.53 | metacpan |