CVE-2017-0374 The advisory has been revoked - it doesn't affect any version of package libconfig-model-perl  (opens in a new tab)


Threat Intelligence

EPSS
0.04% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU2010-LIBCONFIGMODELPERL-1027953
  • published23 May 2017
  • disclosed23 May 2017

Introduced: 23 May 2017

CVE-2017-0374  (opens in a new tab)

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:20.10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libconfig-model-perl package and not the libconfig-model-perl package as distributed by Ubuntu.

lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.