Описание
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| perl | fixed | 5.22.1-4 | package | |
| perl | not-affected | wheezy | package | |
| perl | not-affected | squeeze | package | |
| libfile-spec-perl | removed | package | ||
| libfile-spec-perl | not-affected | wheezy | package | |
| libfile-spec-perl | not-affected | squeeze | package |
Примечания
http://perl5.git.perl.org/perl.git/commit/130509aa42a87eef258fab0182ee2c7ad16baa8b
https://rt.perl.org/Public/Bug/Display.html?id=126862
EPSS
Связанные уязвимости
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
EPSS