Perltidy Project » Perltidy : Security Vulnerabilities, CVEs,

CVE-2016-10374

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-05-17
Updated
2020-03-02

CVE-2014-2277

The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.
Max CVSS
7.1
EPSS Score
0.04%
Published
2017-10-17
Updated
2020-02-04
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close