CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS
Percentile
88.8%
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent
attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access
restrictions, and inject and execute arbitrary code, via vectors involving
implicitly called methods and implicitly blessed objects, as demonstrated
by the (a) DESTROY and (b) AUTOLOAD methods, related to “automagic
methods.”
Author | Note |
---|---|
mdeslaur | debian bug says upstream 2.27 contains regressions…should update to 2.25, but 2.25 doesn’t fix CVE-2010-1447. |