{ "CVE_data_meta" : { "ASSIGNER" : "security@debian.org", "ID" : "CVE-2017-0373", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "libconfig-model-perl", "version" : { "version_data" : [ { "version_value" : "libconfig-model-perl" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous \"use lib\" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "library mishandling" } ] } ] }, "references" : { "reference_data" : [ { "name" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes", "refsource" : "CONFIRM", "url" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes" }, { "name" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773", "refsource" : "CONFIRM", "url" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773" }, { "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0373", "refsource" : "CONFIRM", "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0373" } ] } }