[oss-security] CVE-2026-8704: Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

Timothy Legge Fri, 15 May 2026 16:09:36 -0700

========================================================================
CVE-2026-8704                                        CPAN Security Group
========================================================================


        CVE ID:  CVE-2026-8704
  Distribution:  Crypt-DSA
      Versions:  through 1.19

      MetaCPAN:  https://metacpan.org/dist/Crypt-DSA
      VCS Repo:  https://github.com/perl-Crypt-OpenPGP/Crypt-DSA


Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing
existing files to be modified

Description
-----------
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing
existing files to be modified.

Problem types
-------------
- CWE-552 Files or Directories Accessible to External Parties

Solutions
---------
Upgrade to version 1.20


References
----------
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/Key.pm

Timeline
--------
- 2026-05-15: CPANSec identified issue
- 2026-05-15: Author was notified
- 2026-05-15: Version 1.20 released.

[oss-security] CVE-2026-8704: Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

Reply via email to