The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2011-09-14T15:00:00Z
Updated: 2011-09-14T15:00:00Z
Reserved: 2011-05-31T00:00:00Z
Link: CVE-2011-2201
JSON object: View
NVD Information
Status : Analyzed
Published: 2011-09-14T16:05:23.527
Modified: 2011-09-14T16:05:23.527
Link: CVE-2011-2201
JSON object: View
Redhat Information
No data.
CWE