{"id":"CVE-2022-44542","details":"lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.","modified":"2026-04-10T04:52:30.644284Z","published":"2022-11-01T01:15:10.280Z","references":[{"type":"ADVISORY","url":"https://github.com/wofr06/lesspipe/releases/tag/v2.06"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202211-02"},{"type":"FIX","url":"https://bugs.gentoo.org/865631"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wofr06/lesspipe","events":[{"introduced":"0"},{"fixed":"a2182822b5dd201f6fad64f0966a5e64d0ebd2a9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.06"}]}}],"versions":["1.83","1.85","1.86","1.87","1.88","1.89","1.90","1.91","v1.87","v2.00","v2.01","v2.02","v2.03","v2.04","v2.05"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44542.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}