Thread Index - June 2025 - CPANSec CVE announcements

CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified Timothy Legge (01 Jun 2025 17:00 UTC)
CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name Timothy Legge (05 Jun 2025 12:04 UTC)
CVE-2025-40914: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow Robert Rothenberg (11 Jun 2025 14:08 UTC)
CVE-2025-40915: Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens Robert Rothenberg (11 Jun 2025 17:25 UTC)
CVE-2025-40912: CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode Robert Rothenberg (11 Jun 2025 17:52 UTC)
CVE-2022-4976: Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities Stig Palmquist (12 Jun 2025 00:38 UTC)