Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
Perl CGI.pm is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input.
An attacker may exploit this issue to inject arbitrary HTTP headers into a server response.
By inserting arbitrary headers into an HTTP response, attackers may be able to launch various cross-site request forgery, cross-site scripting, and HTTP-request smuggling attacks.
CGI.pm versions prior to 3.63 are vulnerable.