CVE-2011-4116 | perl-base (CWE-59)

[ckalpakoglu]

Due Date: 0001-01-01

A low severity vulnerability has been discovered in your project.

Project Name: servicenow_test

Scanner Name: trivy

Cwe ID: 59

Cwe Name: Improper Link Resolution Before File Access (Link Following)

Cwe Link: https://cwe.mitre.org/data/definitions/59.html

CVE ID: CVE-2011-4116

Target: nginx:latest (debian 11.6)

Packages:

• perl-base : 5.32.1-4+deb11u2 - Fixed Version:

References:

• http://www.openwall.com/lists/oss-security/2011/11/04/2
• http://www.openwall.com/lists/oss-security/2011/11/04/4
• https://access.redhat.com/security/cve/CVE-2011-4116
• File:Temp::_is_safe() allows unsafe traversal of symlinks [rt.cpan.org #69106] Perl-Toolchain-Gang/File-Temp#14
• https://rt.cpan.org/Public/Bug/Display.html?id=69106
• https://seclists.org/oss-sec/2011/q4/238

Tool Description: _is_safe in the File::Temp module for Perl does not properly handle symlinks.

Custom Description: test

Kondukto Link: https://82.kondukto.local/projects/63e2545dbf77a650cf3de18a/vulns/appsec?page=1&perPage=15&id=in:63e25890c3b2a1fe0cd7915f
Deeplink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4116

[ckalpakoglu]

The issue has been closed by Kondukto since it is marked as won't fix.