CVE-2014-10401 — Incorrect Permission Assignment in DBI

CWE-732 — Incorrect Permission Assignment CWE-73 — External Control of File Name or Path12 documents9 sources

Severity

6.1MEDIUMNVD

OSV5.3

EPSS

0.0%

top 90.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl DBI

Timeline

PublishedSep 11

Latest updateMay 17

Description

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 1.8 | Impact: 4.2

Affected Packages1 packages

▶NVDperl/dbi< 1.632

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9347-cf5g-8j34: An issue was discovered in the DBI module before 1↗2022-05-17

▶

OSV

libdbi-perl vulnerabilities↗2020-09-17

▶

OSV

CVE-2014-10401: An issue was discovered in the DBI module before 1↗2020-09-11

▶

CVEList

CVE-2014-10401: An issue was discovered in the DBI module before 1↗2020-09-11

▶

📋Vendor Advisories

Ubuntu

Perl DBI module vulnerabilities↗2020-09-17

▶

Red Hat

perl-dbi: Incomplete fix for CVE-2014-10401↗2020-09-16

▶

Microsoft

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DS↗2020-09-08

▶

Red Hat

perl-dbi: DBD:: File drivers open files from folders other than specifically passed↗2014-10-16

▶

Debian

CVE-2014-10401: libdbi-perl - An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drive...↗2014

▶

💬Community

Bugzilla

CVE-2014-10402 perl-dbi: Incomplete fix for CVE-2014-10401↗2020-09-16

▶

Bugzilla

CVE-2014-10401 perl-dbi: DBD:: File drivers open files from folders other than specifically passed↗2020-09-09

▶