GHSA-8x3h-9qcg-hv3jCriticalCVSS 9.8

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. ...

Published
July 7, 2026
Last Modified
July 7, 2026

🔗 CVE IDs covered (1)

📋 Description

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.

Module names starting with "::" could be passed to the load function to specify arbitrary module paths.

Attackers able to influence module names passed to load could use that bug to execute arbitrary code.

🔗 References (5)