{"id":"AZL-53397","summary":"CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-3","details":"Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a \"pesky pipe\" (such as passing \"commands|\" as a filename) or by passing arbitrary strings to eval().","modified":"2026-04-21T04:35:14.544520Z","published":"2024-11-19T18:15:19Z","upstream":["CVE-2024-10224"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10224"}],"affected":[{"package":{"name":"perl-Module-ScanDeps","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/perl-Module-ScanDeps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.35-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53397.json"}}],"schema_version":"1.7.5"}