The Net::Ping::External extension up to and including 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
net-ping-external project net-ping-external |