Description
The canonpath function in the File::Spec module in PathTools before 3.62,
as used in Perl, does not properly preserve the taint attribute of data,
which might allow context-dependent attackers to bypass the taint
protection mechanism via a crafted string.
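A regression check for the behaviour described above, as an added example that is not part of this tracker entry or of PathTools. Run under `perl -T`, it taints constructed sample paths, passes them through `File::Spec->canonpath`, and reports any result that comes back untainted. The sample paths and the helper names `taint_it` and `paths_losing_taint` are assumptions made for illustration.

```perl
# Added example: run as `perl -T <this file>`.
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

die "taint mode is off; run with: perl -T <script>\n" unless ${^TAINT};

# Hypothetical helper: returns a tainted copy of $s by appending an empty
# slice of $^X, which is tainted under -T.
sub taint_it {
    my ($s) = @_;
    return $s . substr($^X, 0, 0);
}

# Returns the sample paths whose canonpath() result lost the taint flag.
sub paths_losing_taint {
    my @lost;
    for my $path (@_) {
        my $in = taint_it($path);
        die "setup error: input is not tainted\n" unless tainted($in);
        my $out = File::Spec->canonpath($in);
        push @lost, $path unless tainted($out);
    }
    return @lost;
}

# Constructed sample inputs; none comes from the advisory.
my @samples = ('/var//tmp/./upload', 'a/./b//c', '/', 'plain.txt');

# Version is informational only; the behavioural check below decides.
(my $ver = File::Spec->VERSION) =~ tr/_//d;    # drop dev-release underscore
printf "File::Spec %s is %s\n", File::Spec->VERSION,
    $ver < 3.62 ? 'older than 3.62' : '3.62 or later';

my @lost = paths_losing_taint(@samples);
if (@lost) {
    print "canonpath dropped taint for: $_\n" for @lost;
    exit 1;
}
print "canonpath preserved taint for all ", scalar(@samples), " samples\n";
exit 0;
```

The version line alone is not conclusive, because a distribution package can carry the fix under an older version number; the exit status of the behavioural check is the result to act on.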
Notes
mdeslaur | introduced in perl 5.20.0; introduced in libfile-spec-perl 3.47
Package
Upstream: | needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): | DNE (trusty was not-affected [3.4000-1ubuntu2])
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
Updated: 2019-12-05 18:43:21 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)