[3.4] perl-PathTools: Taint propagation flaw in canonpath() (CVE-2015-8607)ID: oval:org.secpod.oval:def:1800866 | Date: (C)2018-03-29 (M)2022-09-22 |
Class: PATCH | Family: unix |
It was reported that File::Spec::canonpath routine returns untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. This issue affects versions of PathTools from 3.47 onwards and/or perl 5.20.0.
Platform: |
Alpine Linux 3.4 |