Taint Protection Bypass in Perl's File::Spec Module
CVE-2015-8607 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Learn more about our Web Application Penetration Testing UK.