Unrated severityNVD Advisory· Published Nov 19, 2024· Updated Nov 3, 2025

CVE-2024-10224

Description

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Modules/ScanDepsllm-create
Range: <1.36
osv-coords2 versions
pkg:rpm/almalinux/perl-Module-ScanDeps pkg:rpm/opensuse/perl-Module-ScanDeps&distro=openSUSE%20Tumbleweed
< 1.30-6.el9+ 1 more
- (no CPE)range: < 1.30-6.el9
- (no CPE)range: < 1.370.0-1.1
Modules/Module::scandepsv5
Range: 0

Patches

Vulnerability mechanics

References

github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529mitrevendor-advisory
www.qualys.com/2024/11/19/needrestart/needrestart.txtmitrethird-party-advisory
www.cve.org/CVERecordmitreissue-tracking

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000