CVE-2011-10043

EUVD-2011-5272
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.

Module names starting with "::" could be passed to the load function to specify arbitrary module paths.

Attackers able to influence module names passed to load could use that bug to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
perl
bookworm
5.36.0-7+deb12u3
fixed
bookworm (security)
5.36.0-7+deb12u2
fixed
bullseye
5.32.1-4+deb11u3
fixed
bullseye (security)
5.32.1-4+deb11u5
fixed
forky
5.40.1-8
fixed
sid
5.40.1-8
fixed
trixie
5.40.1-6
fixed