Package: perl
Version: 5.26.0~rc1-1
Severity: critical
Justification: privilege escalation in library code
Similar to #286905, a new race condition has been reported in File-Path: https://rt.cpan.org/Public/Bug/Display.html?id=121951

In the rmtree() and remove_tree() functions, the chmod() logic that makes directories traversable can be abused to set the mode on an attacker-chosen file to an attacker-chosen value. This is a time-of-check-to-time-of-use (TOCTTOU) race (https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use) between the stat() that decides the inode is a directory and the chmod() that tries to make it user-rwx: both calls resolve the path name independently, so an attacker who replaces the directory with a symlink in between has the chmod() applied to the symlink's target, with the mode bits taken from the directory they controlled.

Fixed on CPAN with 2.13.
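The following added example (not code from File::Path or from the Debian or CPAN bug reports) reproduces the race described above in miniature and contrasts it with a descriptor-based variant. The attacker's window between the check and the chmod() is simulated by a callback, $between, that swaps the directory for a symlink; the function names, the 0755 placeholder mode and the temporary files are the example's own assumptions, and the hardened variant is one race-free approach, not a copy of the 2.13 patch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode O_RDONLY O_DIRECTORY O_NOFOLLOW);
use File::Temp qw(tempdir);

# Racy pattern: stat(2) on the path decides "this is a directory", then
# chmod(2) on the same path applies the mode. Both follow symlinks, so
# whatever the path points at when chmod runs receives the mode, and the
# mode bits come from whatever stat saw (the attacker's placeholder).
# $between stands in for the attacker's window between the two syscalls.
sub chmod_traversable_racy {
    my ($path, $between) = @_;
    my @st = stat($path) or return 0;
    return 0 unless S_ISDIR($st[2]);
    $between->() if $between;
    return chmod(S_IMODE($st[2]) | 0700, $path);
}

# Race-free pattern: open the directory itself with O_NOFOLLOW|O_DIRECTORY,
# then fstat(2) and fchmod(2) the open descriptor. The object we inspected is
# the object we modify; a symlink swapped in during the window makes the
# open fail (ELOOP) instead of redirecting the chmod.
sub chmod_traversable_safe {
    my ($path, $between) = @_;
    my @lst = lstat($path) or return 0;
    return 0 unless S_ISDIR($lst[2]);
    $between->() if $between;
    sysopen(my $dh, $path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW) or return 0;
    my @fst = stat($dh) or return 0;                  # fstat(2) on the descriptor
    return 0 unless S_ISDIR($fst[2])
        && $fst[0] == $lst[0] && $fst[1] == $lst[1];  # same dev/inode we checked
    return chmod(S_IMODE($fst[2]) | 0700, $dh);       # fchmod(2); path not re-resolved
}

sub mode_of { sprintf '%04o', S_IMODE((stat $_[0])[2]) }

# Constructed scenario (assumed names): a private victim file and an
# attacker-owned directory whose mode, 0755, is the value the attacker
# wants written onto the victim.
my $tmp    = tempdir(CLEANUP => 1);
my $victim = "$tmp/victim";
my $target = "$tmp/attacker_dir";
open(my $vf, '>', $victim) or die "$victim: $!";
close $vf;

my $swap = sub {                        # attacker wins the race: directory -> symlink
    rmdir $target or die "rmdir: $!";
    symlink $victim, $target or die "symlink: $!";
};

for my $case ([racy => \&chmod_traversable_racy], [safe => \&chmod_traversable_safe]) {
    my ($name, $fn) = @$case;
    chmod 0600, $victim;                # victim starts out private
    unlink $target;                     # clear a symlink left by the previous run
    rmdir $target;
    mkdir $target, 0755 or die "mkdir: $!";
    chmod 0755, $target;                # defeat umask so the placeholder is exactly 0755
    my $ok = $fn->($target, $swap);
    printf "%-4s chmod returned %d; victim mode is now %s\n",
        $name, $ok ? 1 : 0, mode_of($victim);
}
```

Run as an unprivileged user on Linux. The racy variant reports success and the victim file ends up carrying the placeholder directory's mode (0700 OR'd with the attacker's 0755), which is exactly the "attacker-chosen file, attacker-chosen value" outcome in the report; the safe variant fails at sysopen() because O_NOFOLLOW refuses the symlink, and the victim keeps its original mode. Comparing device and inode from lstat() and fstat() is what ties the check to the use even when the open succeeds.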