Vulnerability Details CVE-2017-16248
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugs.debian.org/880458
- https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simple
- https://rt.cpan.org/Public/Bug/Display.html?id=120558
- https://bugs.debian.org/880458
- https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simple
- https://rt.cpan.org/Public/Bug/Display.html?id=120558
Products affected by CVE-2017-16248
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.01
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.02
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.03
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.04
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.05
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.06
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.07
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.08
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.09
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.10
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.11
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.12
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.13
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.14
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.15
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.16
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.17
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.18
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.19
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.20
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.21
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.22
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.23
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.24
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.25
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.26
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.27
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.28
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.29
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.30
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.31
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.32
-
cpe:2.3:a:catalyst-plugin-static-simple_project:catalyst-plugin-static-simple:0.33