Описание
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libmodule-scandeps-perl | fixed | 1.35-2 | package |
Примечания
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529
Fixed by: https://github.com/rschupp/Module-ScanDeps/commit/30d43e2df13cfca74833b3aa8a641679427c5cd8
Fixed by: https://github.com/rschupp/Module-ScanDeps/commit/e1f2e14c5bee4d78c94b0cddf120e81af104f6dd
Functional followup fix: https://github.com/rschupp/Module-ScanDeps/commit/49468814a24221affe113664899be21aef60e846
EPSS
Связанные уязвимости
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
ELSA-2025-7350: perl-Module-ScanDeps security update (MODERATE)
EPSS