AZL-53397

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53397.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-53397

Upstream

CVE-2024-10224

Published

2024-11-19T18:15:19Z

Modified

2026-04-21T04:35:14.544520Z

Summary

CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-3

Details

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

References

https://nvd.nist.gov/vuln/detail/CVE-2024-10224

Affected packages

Azure Linux:3 / perl-Module-ScanDeps

Package

Name: perl-Module-ScanDeps
Purl: pkg:rpm/azure-linux/perl-Module-ScanDeps

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.35-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53397.json"