VDB

GCVE-110-MAGEIA-2016-299

GCVE-110-MAGEIA-2016-299
Advisory Published
Vulnetix · Advisory published September 16, 2016
An arbitrary code execution can be achieved if loading code from untrusted current working directory despite the '.' is removed from @INC. Vulnerability is in XSLoader that uses caller() information to locate .so file to load. If malicious attacker creates directory named `(eval 1)` with malicious binary file in it, it will be loaded if the package calling XSLoader is in parent directory (CVE-2016-6185).

Affected Products

VendorProductVersionsPlatforms
Mageiaperl-XSLoader0 (affected), 0.160.0-7.1.mga5 (unaffected)

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›