Description
The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65475
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91464
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56823
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128823.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102963
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1062424
Exploit x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737835
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128882.html
Exploit mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/267
Various Sources x_refsource_confirm
http://cpansearch.perl.org/src/DAGOLDEN/Capture-Tiny-0.24/Changes
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/272
Patch x_refsource_confirm
https://github.com/dagolden/Capture-Tiny/commit/635c9eabd52ab8042b0c841823bd6e692de87924
Exploit x_refsource_confirm
https://github.com/dagolden/Capture-Tiny/issues/16
Scores
EPSS
0.0052
EPSS Percentile
39.7%
Details
CWE
CWE-59
Status
published
Products (4)
cspan/capture-tiny
0.20
cspan/capture-tiny
0.21
cspan/capture-tiny
0.22
cspan/capture-tiny
< 0.23
Published
Oct 06, 2014
Tracked Since
Feb 18, 2026