Description
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-35575 Vulnerability (CVE-2021-35575)
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13675)
WordPress Plugin Mitsol Social Post Feed Cross-Site Scripting (1.10)
Vulnerable project dependencies
WordPress Plugin Instagram Feed Unspecified Vulnerability (1.11.3)