Medium: perl-Module-ScanDeps
Issue Overview: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
[SECURITY] Fedora 40 Update: perl-Module-ScanDeps-1.37-1.fc40
This module scans potential modules used by perl programs and returns a hash reference. Its keys are the module names as they appear in %INC e.g. Test/More.pm. The values are hash references...
Fedora 41 : perl-Module-ScanDeps (2024-c05ef21f1f)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c05ef21f1f advisory. 1.37 - fix parsing of use if ... Fixes errors in PAR::Packer test t/90-rt59710.t - add test for parselibs 1.36 - Fix CVE-2024-10224: Unsanitized input leads ...
Fedora 40 : perl-Module-ScanDeps (2024-8adf4a4b24)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8adf4a4b24 advisory. 1.37 - fix parsing of use if ... Fixes errors in PAR::Packer test t/90-rt59710.t - add test for parselibs 1.36 - Fix CVE-2024-10224: Unsanitized input leads ...
Fedora: Security Advisory (FEDORA-2024-8adf4a4b24)
The remote host is missing an update for the...
CBL Mariner 2.0 Security Update: perl-Module-ScanDeps (CVE-2024-10224)
The version of perl-Module-ScanDeps installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10224 advisory. - Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, befor...
CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-3
CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-3. A patched version of the package is available...
A vulnerability in the Module-ScanDeps library, caused by a failure to neutralize special elements used in an operating system command, allows an attacker to execute arbitrary commands.
The vulnerability in the Module-ScanDeps library is caused by a failure to neutralize special elements used in an operating system command. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-2
CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-2. A patched version of the package is available...
CVE-2024-10224
A flaw was found in the Module-ScanDeps package. Due to the handling of unsanitized input, a local attacker can execute arbitrary shell commands or potentially escalate privileges on the host...
AZL-53394 CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-2
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
AZL-53397 CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-3
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
Module-ScanDeps Permissions, Privileges, and Access Controls Vulnerability
Module-ScanDeps is an application by individual developer Roderich Schupp. A security vulnerability exists in Module-ScanDeps versions prior to 1.36 that stems from improper input validation, which could lead to a local attacker executing arbitrary shell commands by opening a pesky pipe or passing ...