FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Template::Toolkit -- Directory traversal on write

Affected packages
p5-Template-Toolkit < 3.004

Details

VuXML ID 2bab995f-36d4-11ea-9dad-002590acae31
Discovery 2019-12-13
Entry 2020-01-14

Art Manion and Will Dormann report:

By using an older and less-secure form of open(), it is possible for untrusted template files to cause reads/writes outside of the template directories. This vulnerability is a component of the recent Citrix exploit.
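The hardening pattern for this class of bug, as an added example (not Template Toolkit's code and not part of the report above): it assumes the "older and less-secure form of open()" is Perl's two-argument open(), which the page does not name. The helper `open_under_base` and the sample file names are hypothetical and constructed.

```perl
#!/usr/bin/perl
# Added example: confine writes to a base directory and open the file with
# the three-argument form of open(). Not Template Toolkit's own code.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Basename qw(dirname basename);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: returns a write handle for $name under $base, or dies.
sub open_under_base {
    my ($base, $name) = @_;
    my $root = realpath($base) // die "bad base directory\n";

    # Resolve the parent directory first so that ".." segments and
    # symlinked directories are collapsed before the containment check.
    my $candidate = File::Spec->catfile($root, $name);
    my $leaf      = basename($candidate);
    die "refusing dot component: $name\n" if $leaf =~ /^\.\.?$/;
    my $parent = realpath(dirname($candidate))
        // die "cannot resolve parent of: $name\n";
    my $resolved = File::Spec->catfile($parent, $leaf);

    die "refusing path outside $root: $name\n"
        unless index($resolved, "$root/") == 0;
    die "refusing symlink: $name\n" if -l $resolved;

    # Weak form, for contrast: open(my $fh, ">$resolved") lets Perl parse
    # the mode and surrounding whitespace out of the string itself.
    # Three-argument form: the mode is fixed and the path is only a path.
    open(my $fh, '>', $resolved) or die "open $resolved: $!\n";
    return $fh;
}

my $base = tempdir(CLEANUP => 1);    # constructed sandbox directory
for my $name ('page.ttc', '../escape.ttc', 'a/../../escape.ttc') {
    my $fh = eval { open_under_base($base, $name) };
    printf "%-20s %s\n", $name, $fh ? 'opened' : 'rejected';
    close $fh if $fh;
}
```

The check and the open are separate steps, so a directory that untrusted users can modify concurrently still needs OS-level confinement in addition to this.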

References

CVE Name CVE-2019-19781
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781
URL https://www.kb.cert.org/vuls/id/619785/