CVE-2015-8607Improper Input Validation in Perl

CWE-20Improper Input Validation8 documents7 sources
Severity
7.3HIGHNVD
EPSS
5.7%
top 9.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
PerlDebian PerlPerl Pathtools+2 more
Timeline
PublishedJan 13
Latest updateMay 13

Description

The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages3 packages

NVDperl/pathtools3.61
debiandebian/perl< perl 5.22.1-4 (bookworm)
Debianperl/perl< 5.22.1-4+3

Also affects: Debian Linux 8.0, Ubuntu Linux 15.04, 15.10

🔴Vulnerability Details

2
GHSA
GHSA-53pj-vpxm-m333: The canonpath function in the File::Spec module in PathTools before 32022-05-13
OSV
CVE-2015-8607: The canonpath function in the File::Spec module in PathTools before 32016-01-13

📋Vendor Advisories

3
Ubuntu
Perl vulnerability2016-01-21
Red Hat
perl-PathTools: Taint propagation flaw in canonpath()2016-01-11
Debian
CVE-2015-8607: perl - The canonpath function in the File::Spec module in PathTools before 3.62, as use...2015

💬Community

2
Bugzilla
CVE-2015-8607 perl-PathTools: Taint propagation flaw in canonpath() [fedora-all]2016-01-11
Bugzilla
CVE-2015-8607 perl-PathTools: Taint propagation flaw in canonpath()2015-12-21