The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Perl | Perl | 5.23.0 (including) | 5.24.1 (excluding) |
Perl | Perl | 5.25.0 (including) | 5.25.3 (excluding) |