Description

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

Remediation

References

CVE-2010-1447

Related Vulnerabilities

Oracle Database Server CVE-2014-4297 Vulnerability (CVE-2014-4297)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2014-0033)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6483)

Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2513)

WordPress Plugin Social Login by BestWebSoft Cross-Site Scripting (0.1)

Severity

High

Classification

CVE-2010-1447 CWE-264

Tags

Missing Update Known Vulnerabilities