mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-01 03:00:54 +00:00
832 B
832 B
CVE-2016-6185
Description
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- https://rt.cpan.org/Public/Bug/Display.html?id=115808