CVE-2024-55918

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 13, 2024
Updated: Dec 17, 2024
CWE ID 94

Summary

CVE-2024-55918 is a vulnerability affecting the Graphics::ColorNames package prior to version 3.2.0 in Perl. The issue stems from a confusion between module names and filenames, which can be exploited by an attacker to inject malicious HTML code into a system. By creating a file with a name that resembles a Perl module in the current working directory, an adversary can potentially manipulate the application and introduce unwanted content. This ambiguity poses a significant risk to Perl applications using the Graphics::ColorNames package, and it is recommended that users upgrade to the latest version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share