Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Module::Load by BINGOS
CVE-2011-10043 (GCVE-0-2011-10043)
Vulnerability from nvd – Published: 2026-07-07 11:46 – Updated: 2026-07-07 16:04
VLAI
EPSS
VEX
Title
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded
Summary
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.
Module names starting with "::" could be passed to the load function to specify arbitrary module paths.
Attackers able to influence module names passed to load could use that bug to execute arbitrary code.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-145 - Improper Neutralization of Section Delimiters
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blogs.perl.org/users/michael_g_schwern/20… | technical-description |
| https://metacpan.org/release/BINGOS/Module-Load-0… | |
| https://metacpan.org/release/BINGOS/Module-Load-0… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Module::Load |
Affected:
0 , < 0.22
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2011-10043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T16:04:25.108284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T16:04:29.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Module-Load",
"product": "Module::Load",
"programFiles": [
"lib/Module/Load.pm"
],
"programRoutines": [
{
"name": "Module::Load::_to_file"
}
],
"repo": "https://github.com/jib/module-load",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.\n\nModule names starting with \"::\" could be passed to the load function to specify arbitrary module paths.\n\nAttackers able to influence module names passed to load could use that bug to execute arbitrary code."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-145",
"description": "CWE-145 Improper Neutralization of Section Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T11:46:13.575Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://blogs.perl.org/users/michael_g_schwern/2011/10/how-not-to-load-a-module-or-bad-interfaces-make-good-people-do-bad-things.html"
},
{
"url": "https://metacpan.org/release/BINGOS/Module-Load-0.22/diff/BINGOS/Module-Load-0.20/lib/Module/Load.pm"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Module-Load-0.22/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "If you are using Perl v5.15.3 or earlier, then upgrade to Module::Load 0.22 or later.\n\nPerl versions after v5.15.4 include newer versions of Module::Load that fix this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2011-10-02T00:00:00.000Z",
"value": "General issue identified by Michael G Schwern in blog post."
},
{
"lang": "en",
"time": "2011-10-04T00:00:00.000Z",
"value": "Module::Load 0.22 released."
},
{
"lang": "en",
"time": "2011-10-20T00:00:00.000Z",
"value": "Perl v5.15.4 released with Module::Load 0.22."
}
],
"title": "Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2011-10043",
"datePublished": "2026-07-07T11:46:13.575Z",
"dateReserved": "2026-07-05T11:47:35.949Z",
"dateUpdated": "2026-07-07T16:04:29.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2011-10043 (GCVE-0-2011-10043)
Vulnerability from cvelistv5 – Published: 2026-07-07 11:46 – Updated: 2026-07-07 16:04
VLAI
EPSS
VEX
Title
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded
Summary
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.
Module names starting with "::" could be passed to the load function to specify arbitrary module paths.
Attackers able to influence module names passed to load could use that bug to execute arbitrary code.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-145 - Improper Neutralization of Section Delimiters
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blogs.perl.org/users/michael_g_schwern/20… | technical-description |
| https://metacpan.org/release/BINGOS/Module-Load-0… | |
| https://metacpan.org/release/BINGOS/Module-Load-0… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Module::Load |
Affected:
0 , < 0.22
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2011-10043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T16:04:25.108284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T16:04:29.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Module-Load",
"product": "Module::Load",
"programFiles": [
"lib/Module/Load.pm"
],
"programRoutines": [
{
"name": "Module::Load::_to_file"
}
],
"repo": "https://github.com/jib/module-load",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.\n\nModule names starting with \"::\" could be passed to the load function to specify arbitrary module paths.\n\nAttackers able to influence module names passed to load could use that bug to execute arbitrary code."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-145",
"description": "CWE-145 Improper Neutralization of Section Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T11:46:13.575Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://blogs.perl.org/users/michael_g_schwern/2011/10/how-not-to-load-a-module-or-bad-interfaces-make-good-people-do-bad-things.html"
},
{
"url": "https://metacpan.org/release/BINGOS/Module-Load-0.22/diff/BINGOS/Module-Load-0.20/lib/Module/Load.pm"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Module-Load-0.22/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "If you are using Perl v5.15.3 or earlier, then upgrade to Module::Load 0.22 or later.\n\nPerl versions after v5.15.4 include newer versions of Module::Load that fix this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2011-10-02T00:00:00.000Z",
"value": "General issue identified by Michael G Schwern in blog post."
},
{
"lang": "en",
"time": "2011-10-04T00:00:00.000Z",
"value": "Module::Load 0.22 released."
},
{
"lang": "en",
"time": "2011-10-20T00:00:00.000Z",
"value": "Perl v5.15.4 released with Module::Load 0.22."
}
],
"title": "Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2011-10043",
"datePublished": "2026-07-07T11:46:13.575Z",
"dateReserved": "2026-07-05T11:47:35.949Z",
"dateUpdated": "2026-07-07T16:04:29.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}