VDB
GCVE-110-MAGEIA-2016-299
GCVE-110-MAGEIA-2016-299
Advisory Published
An arbitrary code execution can be achieved if loading code from untrusted
current working directory despite the '.' is removed from @INC.
Vulnerability is in XSLoader that uses caller() information to locate .so
file to load. If malicious attacker creates directory named `(eval 1)`
with malicious binary file in it, it will be loaded if the package calling
XSLoader is in parent directory (CVE-2016-6185).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | perl-XSLoader | 0 (affected), 0.160.0-7.1.mga5 (unaffected) | — |
Aliases
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.