First published: Wed Jan 13 2016(Updated: )
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =15.04 | |
Canonical Ubuntu Linux | =15.10 | |
Perl Pathtools | <=3.61 | |
Debian Debian Linux | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.