The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.
References
Link | Resource |
---|---|
https://bugs.debian.org/880458 | Third Party Advisory |
https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simple | Release Notes |
https://rt.cpan.org/Public/Bug/Display.html?id=120558 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-11-01T01:00:00
Updated: 2017-11-01T01:57:02
Reserved: 2017-10-31T00:00:00
Link: CVE-2017-16248
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-01T01:29:01.010
Modified: 2017-11-22T20:20:30.097
Link: CVE-2017-16248
JSON object: View
Redhat Information
No data.
CWE