PT-2017-10550 · Perl · Config-Model
Published
2017-05-23
·
Updated
2019-10-03
·
CVE-2017-0374
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Config-Model versions prior to 2.102
Description
The issue allows local users to gain privileges via a crafted model in the current working directory. This is related to the use of . with the INC array in the lib/Config/Model.pm file.
Recommendations
For versions prior to 2.102, update to version 2.102 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Config-Model