FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-27 06:34:59 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3a7c5fc4-b50c-11df-977b-ecc31dd8ad06	p5-libwww -- possibility to remote servers to create file with a .(dot) character lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a `.' (dot) character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. Discovery 2010-06-09 Entry 2010-08-31 p5-libwww < 5.835 CVE-2010-2253 http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes

VuXML ID

Description

3a7c5fc4-b50c-11df-977b-ecc31dd8ad06

p5-libwww -- possibility to remote servers to create file with a .(dot) character

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a `.' (dot) character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

Discovery 2010-06-09
Entry 2010-08-31
p5-libwww

< 5.835

CVE-2010-2253
http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes