login

Date Index - June 2025 - CPANSec CVE announcements

01 Jun 2025 17:00 UTC CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified Timothy Legge
05 Jun 2025 12:04 UTC CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge
11 Jun 2025 14:08 UTC CVE-2025-40914: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow Robert Rothenberg
11 Jun 2025 17:25 UTC CVE-2025-40915: Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens Robert Rothenberg
11 Jun 2025 17:52 UTC CVE-2025-40912: CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode Robert Rothenberg
12 Jun 2025 00:38 UTC CVE-2022-4976: Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities Stig Palmquist