Search

Find a vulnerability

Search criteria

    8 vulnerabilities by CODECHILD

    CVE-2026-57074 (GCVE-0-2026-57074)

    Vulnerability from nvd – Published: 2026-07-16 16:15 – Updated: 2026-07-16 19:27
    VLAI
    Title
    XML::Bare versions through 0.53 for Perl have an unbounded character lookahead
    Summary
    XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    CODECHILD XML::Bare Affected: 0 , ≤ 0.53 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:27:59.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/16/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "XML-Bare",
              "product": "XML::Bare",
              "programFiles": [
                "parser.c"
              ],
              "programRoutines": [
                {
                  "name": "parserc_parse"
                }
              ],
              "repo": "https://github.com/nanoscopic/perl-XML-Bare",
              "vendor": "CODECHILD",
              "versions": [
                {
                  "lessThanOrEqual": "0.53",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "XML::Bare versions through 0.53 for Perl have an unbounded character lookahead.\n\nThe parserc_parse function attempts to check for multicharacter strings such as \"\u003c![CDATA\" or element terminators such as \"\u003e\" without checking that the offsets are within the buffer.\n\nTruncated strings such as \"\u003ca/\" can trigger an out-of-bounds read."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:15:34.033Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/nanoscopic/perl-XML-Bare/pull/1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-57074-r1.patch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "XML::Bare versions through 0.53 for Perl have an unbounded character lookahead",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply the patch."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-57074",
        "datePublished": "2026-07-16T16:15:34.033Z",
        "dateReserved": "2026-06-23T17:59:40.467Z",
        "dateUpdated": "2026-07-16T19:27:59.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57073 (GCVE-0-2026-57073)

    Vulnerability from nvd – Published: 2026-07-16 16:15 – Updated: 2026-07-16 19:27
    VLAI
    Title
    HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead
    Summary
    HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    CODECHILD HTML::Bare Affected: 0 , ≤ 0.04 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:27:58.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/16/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "HTML-Bare",
              "product": "HTML::Bare",
              "programFiles": [
                "parser.c"
              ],
              "programRoutines": [
                {
                  "name": "parserc_parse"
                }
              ],
              "repo": "https://github.com/nanoscopic/perl-HTML-Bare",
              "vendor": "CODECHILD",
              "versions": [
                {
                  "lessThanOrEqual": "0.04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead.\n\nThe parserc_parse function attempts to check for multicharacter strings such as \"\u003c![CDATA\" or element terminators such as \"\u003e\" without checking that the offsets are within the buffer.\n\nTruncated strings such as \"\u003ca/\" can trigger an out-of-bounds read.\n\nNote that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:15:16.551Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/nanoscopic/perl-HTML-Bare/pull/2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/H/HTML-Bare/0.02/CVE-2026-57073-r1.patch"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/H/HTML-Bare/0.04/CVE-2026-57073-r2.patch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply the patch to version 0.02 (from CPAN) or version 0.04 (from the git repository)."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-57073",
        "datePublished": "2026-07-16T16:15:16.551Z",
        "dateReserved": "2026-06-23T17:59:40.467Z",
        "dateUpdated": "2026-07-16T19:27:58.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13401 (GCVE-0-2026-13401)

    Vulnerability from nvd – Published: 2026-07-16 16:14 – Updated: 2026-07-16 19:27
    VLAI
    Title
    XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes
    Summary
    XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition.
    Severity
    No CVSS data available.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    CODECHILD XML::Bare Affected: 0 , ≤ 0.53 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:27:57.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/16/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "XML-Bare",
              "product": "XML::Bare",
              "programFiles": [
                "parser.c"
              ],
              "programRoutines": [
                {
                  "name": "parserc_parse"
                }
              ],
              "repo": "https://github.com/nanoscopic/perl-XML-Bare",
              "vendor": "CODECHILD",
              "versions": [
                {
                  "lessThanOrEqual": "0.53",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes.\n\nThe parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.\n\nNameless attributes such as \"\u003ca =\u0027c\u0027\u003e\" or unbalanced quotes \"\u003ca b=\u0027\u0027\u0027\u0027\u0027\u0027\u0027c\u0027\u003e\" can trigger this condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:14:50.176Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/nanoscopic/perl-XML-Bare/pull/2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-13401-r1.patch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply the patch."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-13401",
        "datePublished": "2026-07-16T16:14:50.176Z",
        "dateReserved": "2026-06-26T08:38:33.750Z",
        "dateUpdated": "2026-07-16T19:27:57.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13397 (GCVE-0-2026-13397)

    Vulnerability from nvd – Published: 2026-07-16 16:14 – Updated: 2026-07-16 19:27
    VLAI
    Title
    HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes
    Summary
    HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.
    Severity
    No CVSS data available.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    CODECHILD HTML::Bare Affected: 0 , ≤ 0.04 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:27:56.736Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/16/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "HTML-Bare",
              "product": "HTML::Bare",
              "programFiles": [
                "parser.c"
              ],
              "programRoutines": [
                {
                  "name": "parserc_parse"
                }
              ],
              "repo": "https://github.com/nanoscopic/perl-HTML-Bare",
              "vendor": "CODECHILD",
              "versions": [
                {
                  "lessThanOrEqual": "0.04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes.\n\nThe parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.\n\nNameless attributes such as \"\u003ca =\u0027c\u0027\u003e\" or unbalanced quotes \"\u003ca b=\u0027\u0027\u0027\u0027\u0027\u0027\u0027c\u0027\u003e\" can trigger this condition.\n\nNote that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:14:14.891Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/nanoscopic/perl-HTML-Bare/pull/1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/H/HTML-Bare/0.02/CVE-2026-13397-r1.patch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply the patch."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-13397",
        "datePublished": "2026-07-16T16:14:14.891Z",
        "dateReserved": "2026-06-26T08:25:15.552Z",
        "dateUpdated": "2026-07-16T19:27:56.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57074 (GCVE-0-2026-57074)

    Vulnerability from cvelistv5 – Published: 2026-07-16 16:15 – Updated: 2026-07-16 19:27
    VLAI
    Title
    XML::Bare versions through 0.53 for Perl have an unbounded character lookahead
    Summary
    XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    CODECHILD XML::Bare Affected: 0 , ≤ 0.53 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:27:59.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/16/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "XML-Bare",
              "product": "XML::Bare",
              "programFiles": [
                "parser.c"
              ],
              "programRoutines": [
                {
                  "name": "parserc_parse"
                }
              ],
              "repo": "https://github.com/nanoscopic/perl-XML-Bare",
              "vendor": "CODECHILD",
              "versions": [
                {
                  "lessThanOrEqual": "0.53",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "XML::Bare versions through 0.53 for Perl have an unbounded character lookahead.\n\nThe parserc_parse function attempts to check for multicharacter strings such as \"\u003c![CDATA\" or element terminators such as \"\u003e\" without checking that the offsets are within the buffer.\n\nTruncated strings such as \"\u003ca/\" can trigger an out-of-bounds read."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:15:34.033Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/nanoscopic/perl-XML-Bare/pull/1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-57074-r1.patch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "XML::Bare versions through 0.53 for Perl have an unbounded character lookahead",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply the patch."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-57074",
        "datePublished": "2026-07-16T16:15:34.033Z",
        "dateReserved": "2026-06-23T17:59:40.467Z",
        "dateUpdated": "2026-07-16T19:27:59.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57073 (GCVE-0-2026-57073)

    Vulnerability from cvelistv5 – Published: 2026-07-16 16:15 – Updated: 2026-07-16 19:27
    VLAI
    Title
    HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead
    Summary
    HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    CODECHILD HTML::Bare Affected: 0 , ≤ 0.04 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:27:58.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/16/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "HTML-Bare",
              "product": "HTML::Bare",
              "programFiles": [
                "parser.c"
              ],
              "programRoutines": [
                {
                  "name": "parserc_parse"
                }
              ],
              "repo": "https://github.com/nanoscopic/perl-HTML-Bare",
              "vendor": "CODECHILD",
              "versions": [
                {
                  "lessThanOrEqual": "0.04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead.\n\nThe parserc_parse function attempts to check for multicharacter strings such as \"\u003c![CDATA\" or element terminators such as \"\u003e\" without checking that the offsets are within the buffer.\n\nTruncated strings such as \"\u003ca/\" can trigger an out-of-bounds read.\n\nNote that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:15:16.551Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/nanoscopic/perl-HTML-Bare/pull/2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/H/HTML-Bare/0.02/CVE-2026-57073-r1.patch"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/H/HTML-Bare/0.04/CVE-2026-57073-r2.patch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply the patch to version 0.02 (from CPAN) or version 0.04 (from the git repository)."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-57073",
        "datePublished": "2026-07-16T16:15:16.551Z",
        "dateReserved": "2026-06-23T17:59:40.467Z",
        "dateUpdated": "2026-07-16T19:27:58.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13401 (GCVE-0-2026-13401)

    Vulnerability from cvelistv5 – Published: 2026-07-16 16:14 – Updated: 2026-07-16 19:27
    VLAI
    Title
    XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes
    Summary
    XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition.
    Severity
    No CVSS data available.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    CODECHILD XML::Bare Affected: 0 , ≤ 0.53 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:27:57.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/16/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "XML-Bare",
              "product": "XML::Bare",
              "programFiles": [
                "parser.c"
              ],
              "programRoutines": [
                {
                  "name": "parserc_parse"
                }
              ],
              "repo": "https://github.com/nanoscopic/perl-XML-Bare",
              "vendor": "CODECHILD",
              "versions": [
                {
                  "lessThanOrEqual": "0.53",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes.\n\nThe parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.\n\nNameless attributes such as \"\u003ca =\u0027c\u0027\u003e\" or unbalanced quotes \"\u003ca b=\u0027\u0027\u0027\u0027\u0027\u0027\u0027c\u0027\u003e\" can trigger this condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:14:50.176Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/nanoscopic/perl-XML-Bare/pull/2"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-13401-r1.patch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply the patch."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-13401",
        "datePublished": "2026-07-16T16:14:50.176Z",
        "dateReserved": "2026-06-26T08:38:33.750Z",
        "dateUpdated": "2026-07-16T19:27:57.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13397 (GCVE-0-2026-13397)

    Vulnerability from cvelistv5 – Published: 2026-07-16 16:14 – Updated: 2026-07-16 19:27
    VLAI
    Title
    HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes
    Summary
    HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.
    Severity
    No CVSS data available.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    CODECHILD HTML::Bare Affected: 0 , ≤ 0.04 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:27:56.736Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/16/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "HTML-Bare",
              "product": "HTML::Bare",
              "programFiles": [
                "parser.c"
              ],
              "programRoutines": [
                {
                  "name": "parserc_parse"
                }
              ],
              "repo": "https://github.com/nanoscopic/perl-HTML-Bare",
              "vendor": "CODECHILD",
              "versions": [
                {
                  "lessThanOrEqual": "0.04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes.\n\nThe parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.\n\nNameless attributes such as \"\u003ca =\u0027c\u0027\u003e\" or unbalanced quotes \"\u003ca b=\u0027\u0027\u0027\u0027\u0027\u0027\u0027c\u0027\u003e\" can trigger this condition.\n\nNote that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:14:14.891Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/nanoscopic/perl-HTML-Bare/pull/1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://security.metacpan.org/patches/H/HTML-Bare/0.02/CVE-2026-13397-r1.patch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply the patch."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-13397",
        "datePublished": "2026-07-16T16:14:14.891Z",
        "dateReserved": "2026-06-26T08:25:15.552Z",
        "dateUpdated": "2026-07-16T19:27:56.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }