Hi, I'm CGI-Application's maintainer in Fedora.
I agree that the behavior when a runmode is not defined is surprising and
a bug, but I think treating it as a full-blown security vulnerability in
CGI::Application (as opposed to the calling application) may be overkill.
That said, it looks
An API change indroduced in 2008 alrealy (commit 61d327646f01fe) may
cause unexpected and unwanted data dumps of a complete set of web query
data and environment to the public. Developers of web apps written
before the change are probably unaware of the problem since the general
behaviour
2 matches
Mail list logo