Security Advisories (4)

CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open an existing file via the file:// scheme. However, the current version of LWP uses open FILEHANDLE,EXPR, which has the ability to execute arbitrary commands.

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

NAME

URI::Escape - Escape and unescape unsafe characters

SYNOPSIS

use URI::Escape;
$safe = uri_escape("10% is enough\n");
$verysafe = uri_escape("foo", "\0-\377");
$str  = uri_unescape($safe);

DESCRIPTION

This module provides functions to escape and unescape URI strings. Some characters are regarded as "unsafe" and must be escaped in accordance with RFC 1738. Escaped characters are represented by a triplet consisting of the character "%" followed by two hexadecimal digits. The following functions are provided (and exported by default):

uri_escape($string, [$unsafe])

This function replaces all unsafe characters in the $string with their escape sequences and returns the result.

The uri_escape() function takes an optional second argument that overrides the set of characters that are to be escaped. The set is specified as a string that can be used in a regular expression character class (between [ ]). E.g.:

\x00-\x1f\x7f-\xff          # all control and hi-bit characters
a-z                         # all lower case characters
^A-Za-z                     # everything not a letter

The default set of characters to be escaped is:

\x00-\x20"#%;<>?{}|\\^~`\[\]\x7F-\xFF

uri_unescape($string)

Returns a string with all %XX sequences replaced with the actual character.

The module can also export the %escapes hash which contains the mapping from all characters to the corresponding escape code.
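
The default set listed above does not contain "&", "=", "+" or "/", so a value escaped with it can still add parameters when placed in a query string. The following is an added example, not part of the original documentation; the host app.example, the helper names and the stricter set are assumptions of the example:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI::Escape qw(uri_escape uri_unescape);

# Default unsafe set exactly as this page lists it, passed explicitly so the
# result does not depend on the installed module's built-in default.
my $page_default = q(\x00-\x20"#%;<>?{}|\\\\^~`\[\]\x7F-\xFF);

# Stricter set (an assumption of this example): escape every byte that is not
# an RFC 3986 "unreserved" character.
my $strict = '^A-Za-z0-9\-._~';

# Constructed sample: untrusted input destined for ONE query parameter value.
my $untrusted = "alice&role=admin#frag /../x";

# Hypothetical helper: build a URL with exactly one parameter named "user".
sub build_url {
    my ($value, $unsafe) = @_;
    return 'http://app.example/profile?user=' . uri_escape($value, $unsafe);
}

# Count key=value pairs the way a typical query-string parser splits them.
sub param_count {
    my ($url) = @_;
    my ($query) = $url =~ /\?([^#]*)/;
    my @pairs = split /[&;]/, $query;
    return scalar @pairs;
}

for my $case ([ 'page default set', $page_default ], [ 'strict set', $strict ]) {
    my ($label, $set) = @$case;
    my $url = build_url($untrusted, $set);
    my ($encoded) = $url =~ /user=(.*)\z/s;
    printf "%-17s %s\n", $label, $url;
    printf "  parameters seen by a parser: %d\n", param_count($url);
    printf "  round trip intact: %s\n",
        uri_unescape($encoded) eq $untrusted ? 'yes' : 'no';
}
```

Both sets survive the uri_unescape() round trip; only the parameter count differs, which is why the unsafe set should be chosen for the URI component the value is placed into.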

SEE ALSO

URI::URL

COPYRIGHT

Copyright 1995-1997 Gisle Aas.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.