8 matches found
OESA-2026-2653 perl-IO-Compress security update
This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. Security Fixes: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob...
OESA-2026-2652 perl-IO-Compress security update
This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. Security Fixes: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob...
📄 IO-Compress 2.219 Eval Injection
An eval injection vulnerability in File::GlobMapper::getFiles allows any attacker who can control the output fileglob argument passed to IO::Compress::Gzip::gzip, IO::Compress::Zip::zip, or any sibling function to execute arbitrary Perl code in the context of the running process. Summary An eval...
TencentOS Server 4: perl-IO-Compress (TSSA-2026:0426)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0426 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2026-48962
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...
CVE-2026-48962
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...
PT-2026-43488
Name of the Vulnerable Software and Affected Versions IO::Compress versions prior to 2.220 Description An issue in File::GlobMapper allows the execution of arbitrary code through an attacker-controlled output glob. The function parseOutputGlob wraps the provided output glob string in double quote...