CVE-2021-36770 in Middleware Common Libraries and Tools
요약 (영어)
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
예약하다
2021. 07. 17.
공개
2021. 08. 12.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 218719 | Oracle Middleware Common Libraries and Tools Third Party Patch 권한 상승 | 427 | 정의되지 않음 | 공식 수정 | CVE-2021-36770 |
| 180668 | Encode.pm ConfigLocal 권한 상승 | 427 | 정의되지 않음 | 공식 수정 | CVE-2021-36770 |