Taint Protection Bypass in Perl's File::Spec Module

Taint Protection Bypass in Perl's File::Spec Module

CVE-2015-8607 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Learn more about our Web Application Penetration Testing UK.