CPANSA-PerlSpeak-2011-10007: PerlSpeak vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2025-06-05T00:00:00	Engine	CSAF Perl Toolkit 0.26
Current release date	2025-06-05T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	9.8	Severity
Original language		Language	en
Also referred to

Vulnerability Description

PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.

Vulnerabilities

CVE-2020-10674

Vulnerability Description

PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.

Weakness	CWE-78 : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Known affected

Product

Score

PerlSpeak less than or equal 2.01

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	9.8	Critical
2.0	AV:N/AC:L/Au:N/C:P/I:P/A:P	7.5	High

Fixed

PerlSpeak greater than 2.01

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-PerlSpeak-2011-10007 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2025/cpansa-perlspeak-2011-10007.json
https://nvd.nist.gov/vuln/detail/CVE-2020-10674 external
https://nvd.nist.gov/vuln/detail/CVE-2020-10674
https://metacpan.org/source/JKAMPHAUS/PerlSpeak-2.01/Changes external
https://metacpan.org/source/JKAMPHAUS/PerlSpeak-2.01/Changes
https://rt.cpan.org/Public/Bug/Display.html?id=132173 external
https://rt.cpan.org/Public/Bug/Display.html?id=132173
https://github.com/gitpan/PerlSpeak external
https://github.com/gitpan/PerlSpeak
CVE-2020-10674 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2020-10674

Revision history

Version	Date of the revision	Summary of the revision
1	Thu Jun 5 00:00:00 2025	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/