CVE-2014-10401
MEDIUMPerl Dbi < 1.632 - Incorrect Permission Assignment
Title source: ruleDescription
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://rt.cpan.org/Public/Bug/Display.html?id=99508
Patch, Third Party Advisory x_refsource_misc
https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
Release Notes, Third Party Advisory x_refsource_misc
https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4509-1/
Scores
CVSS v3
6.1
EPSS
0.0003
EPSS Percentile
9.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Details
CWE
CWE-732
Status
published
Products (1)
perl/dbi
< 1.632
Published
Sep 11, 2020
Tracked Since
Feb 18, 2026