Security Advisories (2)
CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command

CVE-2026-8368 (2026-05-12)

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are sent unchanged to the redirect target, including across scheme, host, or port changes. A redirect to an attacker controlled host therefore discloses the caller's credentials to that host.

Documentation

Fetch large files from the web
See what headers and content is returned for a URL
Simple mirror utility
The libwww-perl cookbook
An LWP Tutorial

Modules

LWP
The World-Wide Web library for Perl UNAUTHORIZED
Library for enabling NTLM authentication (Microsoft) in LWP UNAUTHORIZED
Connection cache manager UNAUTHORIZED
deprecated UNAUTHORIZED
Member access mixin class UNAUTHORIZED
Base class for LWP protocols UNAUTHORIZED
a class for well-behaved Web robots UNAUTHORIZED
simple procedural interface to LWP UNAUTHORIZED
Web user agent class UNAUTHORIZED

Provides

in lib/LWP/Authen/Basic.pm UNAUTHORIZED
in lib/LWP/Authen/Digest.pm UNAUTHORIZED
in lib/LWP/DebugFile.pm UNAUTHORIZED
in lib/LWP/Protocol/GHTTP.pm UNAUTHORIZED
in lib/LWP/Protocol/ftp.pm UNAUTHORIZED
in lib/LWP/Protocol/cpan.pm UNAUTHORIZED
in lib/LWP/Protocol/data.pm UNAUTHORIZED
in lib/LWP/Protocol/file.pm UNAUTHORIZED
in lib/LWP/Protocol/ftp.pm UNAUTHORIZED
in lib/LWP/Protocol/gopher.pm UNAUTHORIZED
in lib/LWP/Protocol/http.pm UNAUTHORIZED
in lib/LWP/Protocol/http.pm UNAUTHORIZED
in lib/LWP/Protocol/http.pm UNAUTHORIZED
in lib/LWP/Protocol/loopback.pm UNAUTHORIZED
in lib/LWP/Protocol/mailto.pm UNAUTHORIZED
in lib/LWP/Protocol/nntp.pm UNAUTHORIZED
in lib/LWP/Protocol/nogo.pm UNAUTHORIZED