/ 
Yukki-0.140290
River stage zero No dependents
/ Yukki::Web::Request
Security Advisories (3)
CVE-2016-4566 (2016-05-22)

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

CVE-2010-5312 (2014-11-24)

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2021-23562 (2021-12-03)

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.

NAME

Yukki::Web::Request - Yukki request descriptor

VERSION

version 0.140290

DESCRIPTION

This is an abstraction that looks astonishingly similar to Plack::Request.

ATTRIBUTES

env

This is the PSGI environment. Do not use.

request

This is the internal Plack::Request object. Do not use. Use one of the methods delegated to it instead:

address remote_host method protocol request_uri path_info path script_name scheme
secure body input session session_options logger cookies query_parameters
body_parameters parameters content raw_body uri base user headers uploads
content_encoding content_length content_type header referer user_agent param
upload

path_parameters

These are the variables found in the path during dispatch.

AUTHOR

Andrew Sterling Hanenkamp <hanenkamp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2014 by Qubling Software LLC.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.