rpm package
almalinux/perl-Pod-Html
pkg:rpm/almalinux/perl-Pod-Html
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48962 | High | 7.3 | | < 1.25-474.module_el8.10.0+4162+0aac7c4c | 1.25-474.module_el8.10.0+4162+0aac7c4c | May 27, 2026 | IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored |
| CVE-2026-42496 | Critical | 9.1 | | < 1.25-474.module_el8.10.0+4162+0aac7c4c | 1.25-474.module_el8.10.0+4162+0aac7c4c | May 26, 2026 | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode |
| CVE-2025-40909 | Medium | 5.9 | | < 1.22.02-423.el8_10 | 1.22.02-423.el8_10 | May 30, 2025 | Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is |
| CVE-2024-56406 | — | | | < 1.35-512.1.el10_0 | 1.35-512.1.el10_0 | Apr 13, 2025 | A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can |
| CVE-2023-47038 | — | | | < 1.25-481.el9 | 1.25-481.el9 | Dec 18, 2023 | A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. |