Description
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
A flaw was found in the Module-ScanDeps package. Due to the handling of unsanitized input, a local attacker can execute arbitrary shell commands or potentially escalate privileges on the host.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 7 | perl-Module-ScanDeps | Out of support scope | | |
Red Hat Enterprise Linux 8 | perl-Module-ScanDeps | Will not fix | | |
Red Hat Enterprise Linux 9 | perl-Module-ScanDeps | Fixed | RHSA-2025:7350 | 13.05.2025 |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
Qualys discovered that if unsanitized input was used with the library ...
ELSA-2025-7350: perl-Module-ScanDeps security update (MODERATE)
5.3 Medium
CVSS3