The Dumper method in Data::Dumper prior to 2.154, as used in Perl 5.20.1 and previous versions, allows context-dependent malicious users to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
perl perl |
||
data dumper project data dumper |