Vulnerability Details CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.1%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529
- https://www.cve.org/CVERecord?id=CVE-2024-10224
- https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
- http://seclists.org/fulldisclosure/2024/Nov/15
- http://seclists.org/fulldisclosure/2024/Nov/17
- https://lists.debian.org/debian-lts-announce/2024/11/msg00015.html
- https://www.openwall.com/lists/oss-security/2024/11/19/1
Products affected by CVE-2024-10224
-
cpe:2.3:a:rschupp:modules:
-
cpe:2.3:o:debian:debian_linux:11.0