Starlet-0.22

Security Advisories (1)

CVE-2026-40561 (2026-05-03)

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3
https://github.com/kazuho/Starlet/commit/a7d5dfd1862aafa43e5eaca0fdb6acf4cc15b2d0.patch
https://metacpan.org/release/KAZUHO/Starlet-0.32/changes

Changes for version 0.22

listen to muliple ports passed from Server::Starter (ttakezawa)

Modules

Starlet

a simple, high-performance PSGI/Plack HTTP server

Provides

Plack::Handler::Starlet

in lib/Plack/Handler/Starlet.pm

Starlet::Server

in lib/Starlet/Server.pm

Other files

Changes
MANIFEST
META.yml
Makefile.PL
README

To install Starlet, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Starlet

CPAN shell

perl -MCPAN -e shell
install Starlet

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.22

Modules

Provides

Other files

Module Install Instructions

Keyboard Shortcuts