VYPR

rpm package

almalinux/perl-IPC-Cmd

pkg:rpm/almalinux/perl-IPC-Cmd

Vulnerabilities (4)

  • CVE-2026-48962HigMay 27, 2026
    affected < 2:1.04-2.module_el8.6.0+2766+8bf0b7cefixed 2:1.04-2.module_el8.6.0+2766+8bf0b7ce

    IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored

  • CVE-2026-42496CriMay 26, 2026
    affected < 2:1.04-2.module_el8.6.0+2766+8bf0b7cefixed 2:1.04-2.module_el8.6.0+2766+8bf0b7ce

    Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode

  • CVE-2025-40909MedMay 30, 2025
    affected < 2:1.04-2.module_el8.6.0+2766+8bf0b7cefixed 2:1.04-2.module_el8.6.0+2766+8bf0b7ce

    Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is

  • CVE-2023-47038Dec 18, 2023
    affected < 2:1.04-2.module_el8.6.0+2766+8bf0b7cefixed 2:1.04-2.module_el8.6.0+2766+8bf0b7ce

    A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.