CPANSA-File-Path-2017-01: File-Path vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2017-05-02T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2017-05-02T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 5.9 | Severity | |
Original language | Language | en | |
Also referred to |
Vulnerability Description
Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
Vulnerabilities
CVE-2017-6512
Vulnerability DescriptionRace condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
Weakness | CWE-362 : Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
---|
Product status
Known affected
Product | Score | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
File-Path less than 2.13 |
|
Fixed
- File-Path greater than or equal 2.13
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-File-Path-2017-01 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2017/cpansa-file-path-2017-01.json - https://metacpan.org/changes/distribution/File-Path external
https://metacpan.org/changes/distribution/File-Path - https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2 external
https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2 - CVE-2017-6512 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2017-6512
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Tue May 2 00:00:00 2017 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/