CVE-2010-1447
perl - restriction bypass
EPSS 0.45%
Description
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
How to fix CVE-2010-1447
To remediate CVE-2010-1447, upgrade the affected package to one of the fixed versions listed below.
- Debian/perl—upgrade to 5.12.3-1 or later
- —upgrade to 5.10.0-19lenny5 or later
Is CVE-2010-1447 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 5.12.3-1
- from 0, < 5.10.0-19lenny5