{ "CVE_data_meta" : { "ASSIGNER" : "security@debian.org", "ID" : "CVE-2017-0374", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "libconfig-model-perl", "version" : { "version_data" : [ { "version_value" : "libconfig-model-perl" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "untrusted include directory" } ] } ] }, "references" : { "reference_data" : [ { "name" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes", "refsource" : "CONFIRM", "url" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes" }, { "name" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573", "refsource" : "CONFIRM", "url" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573" }, { "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0374", "refsource" : "CONFIRM", "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0374" } ] } }