Description
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
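A check for the behaviour described above, as an added example that is not part of the original advisory: run under `perl -T`, it reports whether each of the four functions returns a tainted value for tainted input on the interpreter it runs under. The file name, sample string and variable names are constructed for illustration.

```perl
# Added example (not from the advisory).
# Run as: perl -T taint_case_check.pl   (hypothetical file name)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Taint mode is off; run with perl -T\n" unless ${^TAINT};

# substr($^X, 0, 0) is a zero-length string that carries the taint flag,
# so appending it taints a known, constructed sample value.
my $input = "mIxEd cASE sample" . substr($^X, 0, 0);
die "Could not construct a tainted sample\n" unless tainted($input);

# One statement per function, so each result's taint flag comes only
# from that function's return value.
my $from_lc      = lc $input;
my $from_lcfirst = lcfirst $input;
my $from_uc      = uc $input;
my $from_ucfirst = ucfirst $input;

my @checks = (
    [ 'lc',      tainted($from_lc) ],
    [ 'lcfirst', tainted($from_lcfirst) ],
    [ 'uc',      tainted($from_uc) ],
    [ 'ucfirst', tainted($from_ucfirst) ],
);

my $lost = 0;
for my $check (@checks) {
    my ($name, $kept) = @$check;
    printf "%-8s %s\n", $name, $kept ? 'taint kept' : 'TAINT LOST';
    $lost++ unless $kept;
}

# Summarise and exit non-zero if any function dropped the taint flag.
printf "perl %vd: %s\n", $^V,
    $lost ? "$lost function(s) returned untainted data from tainted input"
          : 'all four functions propagate taint';
exit($lost ? 1 : 0);
```

A non-zero exit status means at least one of the four functions dropped the taint flag, so code that relies on taint checks after case conversion should not trust that interpreter.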
Remediation
References