Description
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
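The following self-test is an added example, not part of the original advisory: it builds a tainted string under `perl -T` and reports whether each of the four functions returns a value that is still tainted on the interpreter running it. The script name `taint_case_check.pl` and the sample string are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: self-test for taint propagation through lc/lcfirst/uc/ucfirst.
# Run as:  perl -T taint_case_check.pl   (file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Refuse to report anything if taint mode is not actually active.
die "Taint mode is off; re-run with perl -T\n" unless ${^TAINT};

# Zero-length tainted string derived from interpreter-supplied values.
my $taint_seed = substr("$0$^X", 0, 0);

# Constructed sample input; concatenation with the seed marks it tainted.
my $input = "MiXeD case sample" . $taint_seed;
die "Could not build a tainted sample value\n" unless tainted($input);

# The four functions named in the description, wrapped for uniform calling.
my %case_fn = (
    lc      => sub { lc $_[0] },
    lcfirst => sub { lcfirst $_[0] },
    uc      => sub { uc $_[0] },
    ucfirst => sub { ucfirst $_[0] },
);

my @lost;
for my $name (sort keys %case_fn) {
    my $out = $case_fn{$name}->($input);
    my $ok  = tainted($out);    # true when the taint attribute survived
    printf "%-8s result %s\n", $name, $ok ? "still tainted" : "NOT tainted";
    push @lost, $name unless $ok;
}

if (@lost) {
    printf "perl %vd drops taint in: %s\n", $^V, join(", ", @lost);
    exit 1;
}
printf "perl %vd propagates taint through all four functions\n", $^V;
exit 0;
```

A non-zero exit status means at least one function returned an untainted value from tainted input, so code on that interpreter cannot rely on taint mode to flag case-converted data before it reaches a sensitive operation.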
Remediation
References
Related Vulnerabilities
WordPress Plugin Meks Flexible Shortcodes Cross-Site Scripting (1.3.4)
Jenkins CVE-2014-2063 Vulnerability (CVE-2014-2063)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15098)
Liferay Portal Inefficient Regular Expression Complexity Vulnerability (CVE-2023-33950)
Oracle Application Server Other Vulnerability (CVE-2007-3859)