This CVE name corresponds to:
| Entered | Topic |
|---|---|
| 2016-01-12 | p5-PathTools -- File::Spec::canonpath loses taint |
The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.
| Type | Candidate |
| Name | CVE-2015-8607 |
| Phase | Assigned(20151217) |
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
| Source | Reference |
|---|---|
| CONFIRM | http://cpansearch.perl.org/src/RJBS/PathTools-3.62/Changes |
| CONFIRM | https://rt.perl.org/Public/Bug/Display.html?id=126862 |
| DEBIAN | DSA-3441 |
| UBUNTU | USN-2878-1 |
Copyright © 2005 The MITRE Corporation.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.