INFSA-2025:7350: perl-Module-ScanDeps security update
Information about definition
Identificator: INFSA-2025:7350
Type: security
Release date: 2025-06-10 09:08:17 UTC
Information about package
This module scans potential modules used by perl programs and returns a hash reference. Its keys are the module names as they appear in %INC (e.g. Test/More.pm). The values are hash references.
Vulnerabilities description
- CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-10224
|
no information | 5.3 | no information |
Updated packages