Pmqs

**Name of the Vulnerable Software and Affected Versions** IO::Compress versions prior to 2.220 **Description** An issue in File::GlobMapper allows the execution of arbitrary code through an attacker-controlled output glob. The function ` parseOutputGlob()` wraps the provided output glob string in double quotes and stores it in the parser state. Subsequently, the ` getFiles()` function executes the stored expression using `eval STRING`. A literal double quote within the output glob can close the double quote wrapper, causing the subsequent characters to be evaluated as Perl code. This code executes with the privileges of the calling process. **Recommendations** Update to version 2.220 or later.