The canonpath function in the File::Spec module in PathTools prior to 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent malicious users to bypass the taint protection mechanism via a crafted string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 15.10 |
||
perl pathtools |
||
debian debian linux 8.0 |