oval:org.secpod.oval:def:602327
David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution is not aff ...

oval:org.secpod.oval:def:1800866
It was reported that File::Spec::canonpath routine returns untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. This issue affects versions of PathTools ...

oval:org.secpod.oval:def:2100987
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

oval:org.secpod.oval:def:702942
perl: Practical Extraction and Report Language Perl incorrectly handled the taint attribute.

oval:org.secpod.oval:def:110085
This is the combined distribution for the File::Spec and Cwd modules.

oval:org.secpod.oval:def:110043
This is the combined distribution for the File::Spec and Cwd modules.