VDB
DEBIAN-CVE-2011-1487
DEBIAN-CVE-2011-1487
PUBLISHED
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | perl | 0, 0, 0 |
| Debian:12 | perl | 0, 0, 0 |
| Debian:14 | perl | 0, 0, 0 |
| Debian:13 | perl | 0, 0, 0 |
Timeline
- Apr 11, 2011 CVE Published
- Apr 28, 2026 CVE Updated