Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-30673

Опубликовано: 01 апр. 2025
Источник: debian

Описание

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libsub-handlesvia-perlfixed0.050002-1package
libsub-handlesvia-perlfixed0.050000-1+deb12u1bookwormpackage
libsub-handlesvia-perlnot-affectedbullseyepackage

Примечания

  • https://lists.security.metacpan.org/cve-announce/msg/28383041/

  • Fixed by: https://github.com/tobyink/p5-sub-handlesvia/commit/9bc3cfb22ade4b407413ae1c746bb331fff52954 (0.050002)

  • Consequence of CVE-2025-30672/Mite

Связанные уязвимости

ubuntu логотип

CVE-2025-30673

CVSS3: 6.5
ubuntu
10 месяцев назад

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

nvd логотип

CVE-2025-30673

CVSS3: 6.5
nvd
10 месяцев назад

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

github логотип

GHSA-hhc7-9jf4-whgx

CVSS3: 6.5
github
10 месяцев назад

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672