CVE-2014-2277
Public on 2014-06-15
Modified on 2014-09-19
Description
The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | perltidy | 2014-06-15 | ALAS-2014-356 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:N/I:P/A:N |