CVE-2024-10224

Опубликовано: 19 нояб. 2024

Источник: nvd

CVSS3: 5.3

CVSS3: 7.8

EPSS Низкий

Описание

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

Ссылки

https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529
Exploit
Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2024-10224
Third Party Advisory
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
Exploit
Mitigation
https://lists.debian.org/debian-lts-announce/2024/11/msg00015.html
Mailing List
https://www.openwall.com/lists/oss-security/2024/11/19/1
Exploit
Mailing List
Mitigation

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rschupp:modules\:\:scandeps:*:*:*:*:*:perl:*:*

Версия до 1.36 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00221

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

CVE-2024-10224

CVSS3: 5.3

ubuntu

12 месяцев назад

CVE-2024-10224

CVSS3: 5.3

redhat

12 месяцев назад

CVE-2024-10224

CVSS3: 5.3

msrc

12 месяцев назад

Qualys discovered that if unsanitized input was used with the library Modules: ScanDeps

CVE-2024-10224

CVSS3: 5.3

debian

12 месяцев назад

Qualys discovered that if unsanitized input was used with the library ...

ELSA-2025-7350

oracle-oval

6 месяцев назад

ELSA-2025-7350: perl-Module-ScanDeps security update (MODERATE)

EPSS

Процентиль: 45%

0.00221

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-78