ByteOS Network

TOBYINK

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-30673

Assigner-9b29abf9-4ab0-4765-b253-1875cd9b441e

View Details

Assigner-9b29abf9-4ab0-4765-b253-1875cd9b441e

CVSS Score-6.5||MEDIUM

EPSS-0.06% / 18.26%

7 Day CHG-0.03%

Published-01 Apr, 2025 | 02:02

Updated-01 Apr, 2025 | 20:26

Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672

Vendor-TOBYINK

Product-Sub::HandlesVia

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2025-30672

Assigner-9b29abf9-4ab0-4765-b253-1875cd9b441e

View Details

Assigner-9b29abf9-4ab0-4765-b253-1875cd9b441e

CVSS Score-6.5||MEDIUM

EPSS-0.05% / 14.91%

7 Day CHG-0.03%

Published-01 Apr, 2025 | 01:51

Updated-01 Apr, 2025 | 20:26

Mite for Perl generates code with an untrusted search path vulnerability

Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.

Vendor-TOBYINK

Product-Mite

CWE ID-CWE-427

Uncontrolled Search Path Element