Описание
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.35-2 |
| esm-apps/bionic | released | 1.24-1ubuntu0.1~esm1 |
| esm-apps/focal | released | 1.27-1ubuntu0.1~esm1 |
| esm-apps/xenial | released | 1.20-1ubuntu0.1~esm1 |
| focal | ignored | end of standard support, was needed |
| jammy | released | 1.31-1ubuntu0.1 |
| noble | released | 1.35-1ubuntu0.24.04.1 |
| oracular | released | 1.35-1ubuntu0.24.10.1 |
| plucky | not-affected | 1.35-2 |
| upstream | needed |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Qualys discovered that if unsanitized input was used with the library ...
ELSA-2025-7350: perl-Module-ScanDeps security update (MODERATE)
EPSS
5.3 Medium
CVSS3