CVE-2013-1437Injection in Project Module-metadata

CWE-74Injection8 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 23.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
PerlModule-metadata Project Module-metadataDebian Libmodule-metadata-perl+3 more
Timeline
PublishedJan 28
Latest updateMay 5

Description

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

debiandebian/libmodule-metadata-perl< libmodule-metadata-perl 1.000015-1 (bookworm)
CVEListV5perl_toolchain_gang/module-metadatabefore 1.000015
debiandebian/perl< libmodule-metadata-perl 1.000015-1 (bookworm)
Debianperl/perl< 5.18.1-2+3

Also affects: Fedora 18, 19

🔴Vulnerability Details

2
GHSA
GHSA-86v9-w7h5-78qj: Eval injection vulnerability in the Module-Metadata module before 12022-05-05
OSV
CVE-2013-1437: Eval injection vulnerability in the Module-Metadata module before 12020-01-28

📋Vendor Advisories

2
Red Hat
perl-Module-Metadata: incorrectly documents that it does not execute unsafe code2013-08-21
Debian
CVE-2013-1437: libmodule-metadata-perl - Eval injection vulnerability in the Module-Metadata module before 1.000015 for P...2013

💬Community

3
Bugzilla
CVE-2013-1437 perl-Module-Metadata: incorrectly documents that it does not execute unsafe code [fedora-all]2013-08-21
Bugzilla
CVE-2013-1437 perl-Module-Metadata: incorrectly documents that it does not execute unsafe code2013-08-12
Bugzilla
CVE-2013-2102 Gatein: JGroups configurations enable diagnostics without authentication2013-05-16