The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.
Updated tests to work with status codes emitted before and after CGI.pm 3.16. The requirement for CGI.pm 3.16 or newer has been relaxed, so any version of CGI.pm will do. (Rhesa)