Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-0374 | 1 Config-model Project | 1 Config-model | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array. | |||||
CVE-2017-0373 | 1 Config-model Project | 1 Config-model | 2017-06-08 | 6.8 MEDIUM | 7.3 HIGH |
The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. |