Back to overview

CVE-2026-13397

Description
HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.

Metadata

CVE ID
CVE-2026-13397
State
PUBLISHED
Assigner
CPANSec
Reserved
2026-06-26 08:25 UTC
Published
2026-07-16 16:14 UTC
Last updated
2026-07-16 19:27 UTC
Primary CWE
CWE-835
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop…
Vendor / Product
CODECHILD / HTML::Bare
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
CODECHILD HTML::Bare 0 ≤ 0.04
Weakness (CWE)
CWESourceDescription
CWE-835 cna CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Back to overview