CVE-2024-55918
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-55918 is a vulnerability affecting the Graphics::ColorNames package prior to version 3.2.0 in Perl. The issue stems from a confusion between module names and filenames, which can be exploited by an attacker to inject malicious HTML code into a system. By creating a file with a name that resembles a Perl module in the current working directory, an adversary can potentially manipulate the application and introduce unwanted content. This ambiguity poses a significant risk to Perl applications using the Graphics::ColorNames package, and it is recommended that users upgrade to the latest version to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.