Perl Sub::HandlesVia Arbitrary Code Execution Vulnerability
Vulnerability
A vulnerability in the Perl module Sub::HandlesVia, affecting versions prior to 0.050002, allows untrusted code from the current working directory to be executed. This issue arises because the module can inadvertently load malicious files, potentially leading to arbitrary code execution. The vulnerability is similar to CVE-2016-1238, where an attacker could exploit the file loading mechanism by placing a harmful file in the current directory.
Impact
Exploitation of this vulnerability could result in arbitrary code execution on the system where the affected Perl module is used.
Reproduction
To reproduce this vulnerability, place a malicious Perl file in the current working directory. When a script that uses the Sub::HandlesVia module is executed, the malicious file may be loaded instead of the intended one. This can be done by creating a Perl script that imports Sub::HandlesVia and then running it from a directory containing the malicious file.
Remediation
Users are advised to update to Sub::HandlesVia version 0.050002 or later, where this vulnerability has been addressed.
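A way to check a host against the remediation above, as an added example that is not part of the original advisory or the module's own code: it reads the version of each installed copy of Sub::HandlesVia without loading it and compares it to 0.050002, and it lists relative @INC entries, the search-path pattern behind CVE-2016-1238. It assumes the module declares its version as `our $VERSION = '...';`; the function names are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use version;

my $FIXED = version->parse('0.050002');    # fixed release named in the advisory

# Relative @INC entries (".", "lib", ...) resolve against the current working
# directory, so whoever can write there controls what gets loaded.
sub relative_inc_entries {
    return grep { !ref($_) && !File::Spec->file_name_is_absolute($_) } @_;
}

# Read $VERSION with a regex instead of require/use, so nothing in the
# inspected file is executed. Assumes an "our $VERSION = '...';" declaration.
sub declared_version {
    my ($file) = @_;
    open my $fh, '<', $file or return;
    while (my $line = <$fh>) {
        return version->parse($1)
            if $line =~ /^\s*our\s+\$VERSION\s*=\s*['"](\d+(?:\.\d+)*)['"]/;
    }
    return;
}

# Check every copy of Sub::HandlesVia reachable through absolute @INC entries.
sub installed_copies {
    my @found;
    for my $dir (grep { !ref($_) && File::Spec->file_name_is_absolute($_) } @_) {
        my $file = File::Spec->catfile($dir, 'Sub', 'HandlesVia.pm');
        next unless -f $file;
        my $ver    = declared_version($file);
        my $status = !defined $ver ? 'UNKNOWN' : $ver < $FIXED ? 'VULNERABLE' : 'ok';
        push @found, [ $file, defined $ver ? $ver->stringify : '?', $status ];
    }
    return @found;
}

print "relative \@INC entry: $_\n" for relative_inc_entries(@INC);
my @copies = installed_copies(@INC);
printf "%-10s %-10s %s\n", @{$_}[2, 1, 0] for @copies;
print "Sub::HandlesVia not found on absolute \@INC paths\n" unless @copies;
exit( (grep { $_->[2] ne 'ok' } @copies) ? 1 : 0 );
```

The script exits non-zero when any copy is older than the fixed release or its version cannot be read, so it can gate a deployment or CI job. Run it with the same perl binary and environment (`PERL5LIB`, local::lib) as the application being checked.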
