{"id":"ALPINE-CVE-2013-4407","details":"HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first \".\" character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.","modified":"2025-11-19T05:58:26.542030Z","published":"2013-11-23T18:55:04.657Z","upstream":["CVE-2013-4407"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2013-4407"}],"affected":[{"package":{"name":"perl-http-body","ecosystem":"Alpine:v3.16","purl":"pkg:apk/alpine/perl-http-body?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22-r2"}]}],"versions":["1.12-r0","1.15-r0","1.17-r0","1.22-r0","1.22-r1"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2013-4407.json"}},{"package":{"name":"perl-http-body","ecosystem":"Alpine:v3.17","purl":"pkg:apk/alpine/perl-http-body?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22-r2"}]}],"versions":["1.12-r0","1.15-r0","1.17-r0","1.22-r0","1.22-r1"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2013-4407.json"}},{"package":{"name":"perl-http-body","ecosystem":"Alpine:v3.18","purl":"pkg:apk/alpine/perl-http-body?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22-r3"}]}],"versions":["1.12-r0","1.15-r0","1.17-r0","1.22-r0","1.22-r1","1.22-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2013-4407.json"}},{"package":{"name":"perl-http-body","ecosystem":"Alpine:v3.19","purl":"pkg:apk/alpine/perl-http-body?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22-r4"}]}],"versions":["1.12-r0","1.15-r0","1.17-r0","1.22-r0","1.22-r1","1.22-r2","1.22-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2013-4407.json"}}],"schema_version":"1.7.3"}