Security Advisories (3)
CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open an existing file via the file:// scheme. However, the current version of LWP uses open FILEHANDLE,EXPR, which has the ability to execute arbitrary commands.
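
The difference between open FILEHANDLE,EXPR and the three-argument form, as an added example that is not libwww-perl's own code. The helper names and sample file names are hypothetical and constructed for illustration, and a POSIX filesystem is assumed for the file name ending in a space.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper: says why 2-arg open() would not treat $path as a
# plain file name to read, or returns nothing if it is taken literally.
sub two_arg_open_hazard {
    my ($path) = @_;
    return 'surrounding whitespace is stripped'       if $path =~ /^\s|\s$/;
    return 'pipe marks a command instead of a file'   if $path =~ /^\||\|$/;
    return 'leading mode characters change the mode'  if $path =~ /^\+?[<>]/;
    return 'a lone dash means STDIN'                  if $path eq '-';
    return;
}

# Hardened form: the mode is its own argument, so open() interprets no
# character inside $path.
sub open_for_read {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample names, not taken from the advisory.
for my $path ('notes.txt', 'notes.txt ', '>notes.txt', 'notes|', '-') {
    my $why = two_arg_open_hazard($path);
    printf "%-14s %s\n", "'$path'", $why // 'taken literally';
}

# 3-arg open reads a file whose name ends in a space; the 2-arg form
# would strip that space and look for a different file.
my $dir  = tempdir(CLEANUP => 1);
my $odd  = "$dir/notes.txt ";
open(my $out, '>', $odd) or die "create failed: $!";
print {$out} "constructed content\n";
close($out) or die "close failed: $!";

my $in = open_for_read($odd) or die "open failed: $!";
print "read back: ", scalar <$in>;
close($in);
```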

NAME

LWP::MemberMixin - Member access mixin class

SYNOPSIS

package Foo;
require LWP::MemberMixin;
@ISA=qw(LWP::MemberMixin);

DESCRIPTION

A mixin class to get methods that provide easy access to member variables in the %$self. Ideally there should be better Perl language support for this.

There is only one method provided:

_elem($elem [, $val])

Internal method to get/set the value of member variable $elem. If $val is present it is used as the new value for the member variable. If it is not present the current value is not touched. In both cases the previous value of the member variable is returned.