Arbitrary Code Execution

2020-04-1001:03:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.036 Low

EPSS

Percentile

91.6%

JSON

perl is vulnerable to arbitrary code execution. It was found that the “new” constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.

CPENameOperatorVersion
perleq5.10.1__115.el6
perleq5.8.8__18.el5
perleq5.8.8__27.el5
perleq5.8.8__10.el5_0.2
perleq5.8.8__15.el5_2.1
perleq5.8.8__10.el5_2.3
perleq5.8.5__36.el4_6.3
perleq5.8.5__36.el4_5.2
perleq5.8.8__18.el5_3.1
perleq5.8.5__49.el4

Name	Operator	Version
perl	eq	5.10.1__115.el6
perl	eq	5.8.8__18.el5
perl	eq	5.8.8__27.el5
perl	eq	5.8.8__10.el5_0.2
perl	eq	5.8.8__15.el5_2.1
perl	eq	5.8.8__10.el5_2.3
perl	eq	5.8.5__36.el4_6.3
perl	eq	5.8.5__36.el4_5.2
perl	eq	5.8.8__18.el5_3.1
perl	eq	5.8.5__49.el4