Main Vulnerability Database SB2020012827

SB2020012827 - Improper Neutralization of Special Elements in Output Used by a Downstream Component in ETHER Module-Metadata

Published: January 28, 2020 Updated: July 17, 2020

Security Bulletin ID SB2020012827

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2013-1437)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

Remediation

Install update from vendor's website.

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html
https://metacpan.org/changes/distribution/Module-Metadata