{"id":"CVE-2017-16248","details":"The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.","modified":"2026-04-16T06:23:09.608610812Z","published":"2017-11-01T01:29:01.010Z","references":[{"type":"ADVISORY","url":"https://bugs.debian.org/880458"},{"type":"ADVISORY","url":"https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simple"},{"type":"REPORT","url":"https://rt.cpan.org/Public/Bug/Display.html?id=120558"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16248.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}