Bug 13970

Summary: [CVE 21] perl 5.30.3 CVEs CVE-2011-2201 EXPLOIT https://www.exploit-db.com/download/35836 found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED INVALID
QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker
Priority: Normal
CC: y.tumanov
Version: All
Flags: y.tumanov: secteam_verified+
Target Milestone: ---
Hardware: All
OS: Linux
URL: CVE-2011-2201 https://www.exploit-db.com/download/35836
Whiteboard:
Platform: ---
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-10-20 10:47:17 MSK
perl	5.30.3	CVE-2011-2201	The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.			4,3	MEDIUM	CWE-264		AND	Not found	https://nvd.nist.gov/vuln/detail/CVE-2011-2201	https://www.exploit-db.com/download/35836	Linux
Comment 1 Yury 2023-10-20 14:50:36 MSK
The vulnerability description on NVD is incorrect;
judging by the description, absolutely all versions are affected by the vulnerability.

The vulnerable package is
FormValidator 4.66 is vulnerable;
It was previously included in Perl; we don't have it.