Date Index - June 2025 - CPANSec CVE announcements

01 Jun 2025 17:00 UTC - CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified - Timothy Legge
05 Jun 2025 12:04 UTC - CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name - Timothy Legge
11 Jun 2025 14:08 UTC - CVE-2025-40914: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow - Robert Rothenberg
11 Jun 2025 17:25 UTC - CVE-2025-40915: Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens - Robert Rothenberg
11 Jun 2025 17:52 UTC - CVE-2025-40912: CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode - Robert Rothenberg
12 Jun 2025 00:38 UTC - CVE-2022-4976: Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities - Stig Palmquist
16 Jun 2025 11:09 UTC - CVE-2025-40916: Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text - Robert Rothenberg
27 Jun 2025 12:31 UTC - CVE-2025-40910: Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses - Robert Rothenberg