Описание
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | 5.8.7-10ubuntu1.2 |
| devel | not-affected | 5.12.3-6ubuntu4 |
| hardy | not-affected | 5.8.8-12ubuntu0.4 |
| karmic | ignored | end of life |
| lucid | released | 5.10.1-8ubuntu2.1 |
| maverick | released | 5.10.1-12ubuntu2.1 |
| natty | released | 5.10.1-17ubuntu4.1 |
| upstream | released | 5.10.1-20 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.1 ...
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Уязвимость интерпретатора Perl, позволяющая нарушителю внедрить произвольный код
EPSS
5 Medium
CVSS2