Aggregates CVE and security vulnerability intelligence across all miyagawa-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk ssrf and vendor risk path handling and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-7381 | Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Plack environment. A malicious client can set the X-Sendfile-Type header to "X-Accel-Redirect" to services running behind nginx reverse proxies, and then set the X-Accel-Mapping to map the path to an a | 9b29abf9-4ab0-4765-b253-1875cd9b441e | 9.1 | 0.01% | 2026-04-29 | 2026-05-07 |
| CVE-2026-40560 | Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy. | 9b29abf9-4ab0-4765-b253-1875cd9b441e | 7.5 | 0.02% | 2026-04-29 | 2026-05-06 |
| CVE-2014-125112 | Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie. | 9b29abf9-4ab0-4765-b253-1875cd9b441e | 9.8 | 0.09% | 2026-03-26 | 2026-05-06 |