← back
CVE-2017-16248

CVE-2017-16248

EPSS 2.4%
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.debian.org/880458https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simplehttps://rt.cpan.org/Public/Bug/Display.html?id=120558