Perl Locale::Maketext Module Two Code Injection Vulnerabilities
Release Date : 2012-12-07
Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Workaround
Software: Locale::Maketext 1.x (module for Perl)
Two vulnerabilities have been reported in the Locale::Maketext module for Perl, which can be exploited by malicious users to compromise an application using the module.
The vulnerabilities are caused by the "_compile()" function not properly sanitising input, which can be exploited to inject and execute arbitrary Perl code.
The vulnerabilities are reported in version 1.23. Prior versions may also be affected.
Fixed in the GIT repository:
Provided and/or discovered by:
Brian Carlson of cPanel