YAML-LibYAML for Perl Two-Argument Open Vulnerability Allowing File Modification

Vulnerability

A vulnerability exists in YAML-LibYAML for Perl, in versions prior to 0.903.0, where the 'LoadFile' function opens the requested file with Perl's two-argument open. In that form the filename string itself carries the open mode, so a name beginning with '>' is opened for writing rather than reading: the target file is truncated to zero length and may be modified, leading to data loss.

Impact

Anyone who can influence the filename passed to 'LoadFile' can truncate, and thereby modify, any existing file that the calling process has write access to. The file is emptied as a side effect of what the caller intended to be a read.

Reproduction

The vulnerability can be reproduced by calling 'LoadFile' with a filename string that begins with a write directive, that is '>' followed by the path of an existing file (for example "> /path/to/target"). Because the two-argument open honours that prefix, the call opens the target for writing, truncates it, and reads nothing back. Inspecting the file after the 'LoadFile' call shows that its contents are gone, which demonstrates the vulnerability.

Remediation

Users can update to YAML-LibYAML version 0.903.0 or later, where this vulnerability has been addressed by replacing the two-argument open with a three-argument open that pins the mode, so the filename is taken literally. Until an upgrade is possible, callers should ensure that untrusted input never reaches the filename argument of 'LoadFile'.
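As an added example (not code from the YAML-LibYAML project or from this advisory), the following stand-alone Perl script contrasts a minimal stand-in for the vulnerable two-argument open with the hardened three-argument form, using a temporary file that it creates itself. The functions load_file_two_arg, load_file_three_arg and write_sample are assumptions for the demonstration: they approximate the shape of LoadFile's open call and are not the library's own code. The final step calls the real YAML::XS::LoadFile only if that module happens to be installed, so the script runs without it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Stand-in for the vulnerable pattern (assumption, not YAML::XS's code):
# a two-argument open lets the "filename" carry a mode, so "> path"
# opens path for writing and truncates it instead of reading it.
sub load_file_two_arg {
    my ($filename) = @_;
    no warnings 'io';    # reading a write-only handle warns; silence it for the demo
    open(my $fh, $filename) or die "open $filename: $!";
    local $/;
    my $text = <$fh>;    # undef: the handle was opened for output
    close $fh;
    return $text;
}

# Hardened form: the three-argument open pins the mode to read-only, so the
# string "> path" is looked up as a literal file name and nothing is truncated.
sub load_file_three_arg {
    my ($filename) = @_;
    open(my $fh, '<', $filename) or die "open $filename: $!";
    local $/;
    my $text = <$fh>;
    close $fh;
    return $text;
}

# Constructed sample content written to the temporary target file.
sub write_sample {
    my ($path) = @_;
    open(my $out, '>', $path) or die "open $path: $!";
    print {$out} "key: value\n";
    close $out;
}

my (undef, $path) = tempfile(UNLINK => 1);

# 1. Vulnerable pattern: the existing file is truncated to zero bytes.
write_sample($path);
my $text = load_file_two_arg("> $path");
printf "two-arg open:   read %d bytes; target file is now %d bytes\n",
    length($text // ''), (-s $path) || 0;

# 2. Hardened pattern: open fails (there is no file literally named "> $path")
#    and the original content is untouched.
write_sample($path);
my $ok = eval { load_file_three_arg("> $path"); 1 };
chomp(my $err = $@ // '');
printf "three-arg open: %s; target file is still %d bytes\n",
    $ok ? 'read it' : "refused ($err)", (-s $path) || 0;

# 3. The real target, only when YAML::XS is installed: the same call shape as the
#    advisory's reproduction. Before 0.903.0 the file ends up empty; from 0.903.0
#    on the call is refused and the file keeps its 11 bytes.
if (eval { require YAML::XS; 1 }) {
    write_sample($path);
    eval { YAML::XS::LoadFile("> $path") };
    printf "YAML::XS %s:  after LoadFile('> file') the target is %d bytes\n",
        $YAML::XS::VERSION, (-s $path) || 0;
}
```

The check that matters in a code review is the number of arguments to open: any `open($fh, $name)` whose name comes from outside the program honours the same mode prefixes that Perl's own documentation describes for the two-argument form (including '>>' for append and the pipe syntax), which is why the remediation is to fix the mode with a three-argument open rather than to filter the filename.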

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  6.7
remediation     0.0
relevance       0.0
threat          1.6
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.