CVE-2011-10043
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be p
CVSS
9.8
Crítico
EPSS
0.4%
p35
KEV
—
Exploit Today
10
0-100
Publicado: 7 jul 2026 · Última mod.: 7 jul 2026 · CWE-145
0.4%EPSS · 30 días0.4%
2026-07-082026-07-18
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary code.
- blogs.perl.orghttps://blogs.perl.org/users/michael_g_schwern/2011/10/how-not-to-load-a-module-or-bad-interfaces-make-good-people-do-bad-things.html
- metacpan.orghttps://metacpan.org/release/BINGOS/Module-Load-0.22/changes
- metacpan.orghttps://metacpan.org/release/BINGOS/Module-Load-0.22/diff/BINGOS/Module-Load-0.20/lib/Module/Load.pm
Sin CVEs relacionados por CWE o producto.