Description

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Remediation

References

CVE-2011-1487

Related Vulnerabilities

IBM WebSEAL Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-1803)

WordPress Plugin Download Plugins and Themes from Dashboard Cross-Site Scripting (1.5.0)

Sqlite Out-of-bounds Read Vulnerability (CVE-2019-9936)

WordPress Plugin File Manager Unspecified Vulnerability (2.2.0)

WordPress 5.3.x Prototype Pollution (5.3 - 5.3.11)

Severity

Medium

Classification

CVE-2011-1487 CWE-264

Tags

Missing Update Known Vulnerabilities