Digest.pm < 1.17 has vul.

https://metacpan.org/source/GAAS/Digest-1.17/Changes

Normally, you don't need to pass the digesting algorithm for Digest.pm.
This issue is not a big issue.

Older version of Digest.pm runs any perl code in Digest->new

Digest->new("strict; `rm -rf /`");

If you passing user's input to Digest.pm, you need to update the module.

ref.

• https://github.com/gisle/digest/pull/1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3597

Published: 2012-09-27(Thu) 00:38