CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Percentile: 87.8%

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x,
5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply
the taint attribute to the return value upon processing tainted input,
which might allow context-dependent attackers to bypass the taint
protection mechanism via a crafted string.
Author | Note |
---|---|
mdeslaur | see: http://www.nntp.perl.org/group/perl.perl5.porters/2011/04/msg171010.html dapper and hardy were before the vulnerable code was introduced |
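
The taint-propagation failure described above can be checked on a given interpreter with a short regression script. This is an added example, not code from the Perl project or from this tracker entry; the sample string is constructed, and the script has to be started with `perl -T` so that taint mode is active.

```perl
#!/usr/bin/perl
# Added example: reports whether lc, lcfirst, uc and ucfirst keep the
# taint flag on their return value. Start it as: perl -T <script>
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Without taint mode nothing is ever tainted and the check means nothing.
die "taint mode is off, run with: perl -T $0\n" unless ${^TAINT};

# Constructed sample input. $^X is tainted under -T, so appending a
# zero-length slice of it taints the string without changing its content.
my $input = "constructed Sample" . substr($^X, 0, 0);
die "could not build a tainted sample string\n" unless tainted($input);

# One statement per function, checked immediately, so that the result of
# one call cannot influence the taint state seen for another.
my (@report, $out);
$out = lc $input;      push @report, ['lc',      tainted($out) ? 1 : 0];
$out = lcfirst $input; push @report, ['lcfirst', tainted($out) ? 1 : 0];
$out = uc $input;      push @report, ['uc',      tainted($out) ? 1 : 0];
$out = ucfirst $input; push @report, ['ucfirst', tainted($out) ? 1 : 0];

my $lost = 0;
for my $row (@report) {
    my ($name, $kept) = @$row;
    if ($kept) {
        print "ok        $name() returns a tainted value\n";
    } else {
        print "AFFECTED  $name() returned an untainted value\n";
        $lost++;
    }
}

printf "perl %vd: %s\n", $^V,
    $lost ? "$lost function(s) drop the taint flag" : "taint is propagated";

# Non-zero exit status lets a build or packaging job fail on an affected perl.
exit($lost ? 1 : 0);
```

On an interpreter that propagates taint correctly, all four lines read `ok` and the exit status is 0.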