CVE-2017-16248
N/A
N/A
Summary
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://bugs.debian.org/880458
- https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simple
- https://rt.cpan.org/Public/Bug/Display.html?id=120558
References
- https://bugs.debian.org/880458
- https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simple
- https://rt.cpan.org/Public/Bug/Display.html?id=120558
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.