rpm package
almalinux/perl-File-Fetch
pkg:rpm/almalinux/perl-File-Fetch
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48962 | Hig | 7.3 | | < 1.00-1.module_el8.6.0+2766+8bf0b7ce | 1.00-1.module_el8.6.0+2766+8bf0b7ce | May 27, 2026 | IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored |
| CVE-2026-42496 | Cri | 9.1 | | < 1.00-1.module_el8.6.0+2766+8bf0b7ce | 1.00-1.module_el8.6.0+2766+8bf0b7ce | May 26, 2026 | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode |
| CVE-2025-40909 | Med | 5.9 | | < 1.00-1.module_el8.6.0+2766+8bf0b7ce | 1.00-1.module_el8.6.0+2766+8bf0b7ce | May 30, 2025 | Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is |
| CVE-2023-47038 | — | | | < 1.00-1.module_el8.6.0+2766+8bf0b7ce | 1.00-1.module_el8.6.0+2766+8bf0b7ce | Dec 18, 2023 | A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. |