p5-PathTools -- File::Spec::canonpath loses taint
Ricardo Signes reports:
Beginning in PathTools 3.47 and/or perl 5.20.0, the
File::Spec::canonpath() routine returned untainted strings even if
passed tainted input. This defect undermines the guarantee of taint
propagation, which is sometimes used to ensure that unvalidated
user input does not reach sensitive code.
This defect was found and reported by David Golden of MongoDB.
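
A check for the defect described above, as an added example that is not part of the advisory or of PathTools: it runs under taint mode and reports whether the installed `File::Spec->canonpath` keeps the taint flag on its return value. The sample paths are constructed, and the script must be started with `perl -T`.

```perl
#!/usr/bin/perl
# Added example: reports whether File::Spec->canonpath preserves taint.
# Run as: perl -T <this file>
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

die "Run with taint mode enabled: perl -T $0\n" unless ${^TAINT};

# Zero-length tainted string: $^X (path of the perl binary) is tainted
# under -T, and any substring of a tainted value is tainted as well.
my $taint = substr($^X, 0, 0);

# Constructed sample paths standing in for unvalidated user input.
my @samples = ('/tmp//upload/./a.txt', 'foo/../bar//', './x', '/');

my $lost = 0;
for my $raw (@samples) {
    my $in = $raw . $taint;    # same text as $raw, now flagged tainted
    die "setup error: input is not tainted\n" unless tainted($in);

    my $out  = File::Spec->canonpath($in);
    my $kept = tainted($out);
    $lost++ unless $kept;

    printf "%-22s -> %-18s %s\n", $raw, $out,
        $kept ? 'taint kept' : 'TAINT LOST';
}

printf "File::Spec %s on perl %vd: %s\n",
    File::Spec->VERSION, $^V,
    $lost ? "canonpath dropped taint on $lost of " . scalar(@samples) . " inputs"
          : 'canonpath preserves taint';

# Non-zero exit status lets a build or deployment check fail on an affected install.
exit($lost ? 1 : 0);
```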
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright