{"id":"MGASA-2014-0486","summary":"Updated perl-Plack package fixes security vulnerability","details":"Plack::App::File would previously strip trailing slashes off provided paths.\nThis in combination with the common pattern of serving files with\nPlack::Middleware::Static could allow an attacker to bypass a whitelist of\ngenerated files (CVE-2014-5269).\n","modified":"2026-04-16T06:23:16.799510847Z","published":"2014-11-26T10:14:01Z","upstream":["CVE-2014-5269"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0486.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14012"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137115.html"}],"affected":[{"package":{"name":"perl-Plack","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/perl-Plack?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.400-2.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0486.json"}},{"package":{"name":"perl-Plack","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/perl-Plack?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.900-2.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0486.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}