Описание
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Directory Server 8 | perl | Will not fix | ||
| Red Hat Enterprise Linux 5 | perl | Will not fix | ||
| Red Hat Enterprise Linux 6 | perl | Will not fix | ||
| Red Hat Enterprise Linux 7 | perl | Will not fix | ||
| Red Hat Software Collections | perl516-perl | Will not fix | ||
| Red Hat Software Collections | rh-perl520-perl | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1309214perl: ambiguous environment variables handling
EPSS
Процентиль: 95%
0.19468
Средний
5.1 Medium
CVSS2
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 10 лет назад
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
CVSS3: 7.5
nvd
почти 10 лет назад
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
CVSS3: 7.5
debian
почти 10 лет назад
Perl might allow context-dependent attackers to bypass the taint prote ...
CVSS3: 7.5
github
больше 3 лет назад
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
EPSS
Процентиль: 95%
0.19468
Средний
5.1 Medium
CVSS2