CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
91.6%
Eval injection vulnerability in the Digest module before 1.17 for Perl
allows context-dependent attackers to execute arbitrary commands via the
new constructor.
Author | Note |
---|---|
mdeslaur | fixed in digest 1.17 |
jdstrand | from RedHat bug: "To successfully exploit this vulnerability, the attacker must already be able to execute Perl code or be able to set the algorithm name to be used by the constructor in the form "$ctx = |
Digest- | new(XXX => $arg,…)“, which is very unlikely to happen.” |