vulnerability
FreeBSD: VID-333f655a-b93a-11e5-9efa-5453ed2e2b49 (CVE-2015-8607): p5-PathTools -- File::Spec::canonpath loses taint
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jan 12, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 12, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Ricardo Signes reports: Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath() routine returned untained strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. This defect was found and reported by David Golden of MongoDB.
Solutions
freebsd-upgrade-package-p5-pathtoolsfreebsd-upgrade-package-perl5freebsd-upgrade-package-perl5-20freebsd-upgrade-package-perl5-22freebsd-upgrade-package-perl5-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.