Back to overview

CVE-2011-10043

CRITICAL
9.8
CVSS 3.1
Description
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary code.

Metadata

CVE ID
CVE-2011-10043
State
PUBLISHED
Assigner
CPANSec
Reserved
2026-07-05 11:47 UTC
Published
2026-07-07 11:46 UTC
Last updated
2026-07-07 16:04 UTC
Primary CWE
CWE-145
CWE-145 Improper Neutralization of Section Delimiters
Vendor / Product
BINGOS / Module::Load
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
BINGOS Module::Load 0 < 0.22
Weakness (CWE)
CWESourceDescription
CWE-145 cna CWE-145 Improper Neutralization of Section Delimiters
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.8 CRITICAL 3.1 adp CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Back to overview