Linux::Statm::Tiny Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability in the Linux::Statm::Tiny Perl module before version 0.0701 allows untrusted code from the current working directory to be loaded. The issue is related to how the current working directory is handled in Perl's module loading system: if an attacker places a harmful file in the directory from which the Perl script is run, the module's file loading mechanism can pick it up and execute it, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the system where the affected Perl module is used.

Reproduction

To reproduce this vulnerability, place a malicious Perl file in the current working directory. When a script that uses the Linux::Statm::Tiny module is executed from that directory, the malicious file may be loaded instead of the intended one.

Remediation

Users should upgrade to Linux::Statm::Tiny version 0.0701 or later, where this vulnerability has been addressed.
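To confirm the upgrade took effect, the following added example (not part of the advisory or the module's own code) finds every copy of Linux::Statm::Tiny reachable through @INC and compares its version with 0.0701 without loading the module. The function names are hypothetical, and the relative-@INC check is a general hardening check assumed to be relevant here, not something the advisory prescribes.

```perl
#!/usr/bin/env perl
# Added example: audit installed copies of Linux::Statm::Tiny.
# The module is never require'd, so a vulnerable copy is not executed.
use strict;
use warnings;
use File::Spec;
use Module::Metadata;   # core since Perl 5.14; extracts $VERSION from a file
use version;

my $FIXED = version->parse('0.0701');   # first fixed release per the advisory
my @REL   = qw(Linux Statm Tiny.pm);

# Return [path, version-or-undef, status] for every copy found under @dirs.
sub audit_dirs {
    my @dirs = @_;
    my @findings;
    for my $dir (@dirs) {
        next if ref $dir;               # skip @INC hooks (coderefs/objects)
        my $path = File::Spec->catfile($dir, @REL);
        next unless -f $path;
        my $meta = Module::Metadata->new_from_file($path);
        my $ver  = $meta ? $meta->version('Linux::Statm::Tiny') : undef;
        my $status = !defined $ver ? 'UNKNOWN'
                   : $ver < $FIXED ? 'VULNERABLE'
                   :                 'ok';
        push @findings, [$path, $ver, $status];
    }
    return @findings;
}

# Relative @INC entries (".", "lib", ...) resolve against the working directory.
# Assumption: flagged as general hardening, not named by the advisory.
sub relative_inc_entries {
    return grep { !ref $_ && !File::Spec->file_name_is_absolute($_) } @_;
}

my @found = audit_dirs(@INC);
printf "%-10s %-8s %s\n", $_->[2], $_->[1] // '?', $_->[0] for @found;
print "No copy of Linux::Statm::Tiny found in \@INC\n" unless @found;

my @rel = relative_inc_entries(@INC);
print "Relative \@INC entry (resolved against cwd): $_\n" for @rel;

# Non-zero exit when any copy is not confirmed fixed or @INC has relative entries.
my $bad = grep { $_->[2] ne 'ok' } @found;
exit(($bad || @rel) ? 1 : 0);
```

Run it with the same perl binary and environment (PERL5LIB, local::lib) as the application, since those determine which copy is actually loaded.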

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM