Vulnerability Details CVE-2016-10374
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.7%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
Products affected by CVE-2016-10374
-
cpe:2.3:a:perltidy_project:perltidy:2001-03-03
-
cpe:2.3:a:perltidy_project:perltidy:2001-03-23
-
cpe:2.3:a:perltidy_project:perltidy:2001-03-28
-
cpe:2.3:a:perltidy_project:perltidy:2001-04-04
-
cpe:2.3:a:perltidy_project:perltidy:2001-04-06
-
cpe:2.3:a:perltidy_project:perltidy:2001-06-08
-
cpe:2.3:a:perltidy_project:perltidy:2001-06-17
-
cpe:2.3:a:perltidy_project:perltidy:2001-07-01
-
cpe:2.3:a:perltidy_project:perltidy:2001-07-02
-
cpe:2.3:a:perltidy_project:perltidy:2001-07-23
-
cpe:2.3:a:perltidy_project:perltidy:2001-07-31
-
cpe:2.3:a:perltidy_project:perltidy:2001-09-03
-
cpe:2.3:a:perltidy_project:perltidy:2001-10-16
-
cpe:2.3:a:perltidy_project:perltidy:2001-10-20
-
cpe:2.3:a:perltidy_project:perltidy:2001-11-28
-
cpe:2.3:a:perltidy_project:perltidy:2001-12-31
-
cpe:2.3:a:perltidy_project:perltidy:2002-02-25
-
cpe:2.3:a:perltidy_project:perltidy:2002-04-16
-
cpe:2.3:a:perltidy_project:perltidy:2002-04-25
-
cpe:2.3:a:perltidy_project:perltidy:2002-08-26
-
cpe:2.3:a:perltidy_project:perltidy:2002-09-22
-
cpe:2.3:a:perltidy_project:perltidy:2002-11-06
-
cpe:2.3:a:perltidy_project:perltidy:2002-11-30
-
cpe:2.3:a:perltidy_project:perltidy:2003-07-26
-
cpe:2.3:a:perltidy_project:perltidy:2003-10-21
-
cpe:2.3:a:perltidy_project:perltidy:2006-06-14
-
cpe:2.3:a:perltidy_project:perltidy:2006-07-19
-
cpe:2.3:a:perltidy_project:perltidy:2007-04-24
-
cpe:2.3:a:perltidy_project:perltidy:2007-05-04
-
cpe:2.3:a:perltidy_project:perltidy:2007-05-08
-
cpe:2.3:a:perltidy_project:perltidy:2007-08-01
-
cpe:2.3:a:perltidy_project:perltidy:2007-12-05
-
cpe:2.3:a:perltidy_project:perltidy:2009-06-16
-
cpe:2.3:a:perltidy_project:perltidy:2010-12-17
-
cpe:2.3:a:perltidy_project:perltidy:2012-06-19
-
cpe:2.3:a:perltidy_project:perltidy:2012-07-01
-
cpe:2.3:a:perltidy_project:perltidy:2012-07-01-1
-
cpe:2.3:a:perltidy_project:perltidy:2012-07-14
-
cpe:2.3:a:perltidy_project:perltidy:2012-12-07
-
cpe:2.3:a:perltidy_project:perltidy:2013-07-17
-
cpe:2.3:a:perltidy_project:perltidy:2013-08-05
-
cpe:2.3:a:perltidy_project:perltidy:2013-08-06
-
cpe:2.3:a:perltidy_project:perltidy:2013-09-22
-
cpe:2.3:a:perltidy_project:perltidy:2014-03-28
-
cpe:2.3:a:perltidy_project:perltidy:2014-07-11
-
cpe:2.3:a:perltidy_project:perltidy:2015-08-15
-
cpe:2.3:a:perltidy_project:perltidy:2016-03-01
-
cpe:2.3:a:perltidy_project:perltidy:2016-03-02