CVE-2011-10043
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary code.
| CWE | CWE-145 |
| Vendor | bingos |
| Product | module::load |
| Published | Jul 7, 2026 |
| Last Updated | Jul 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for bingos module::load
Be the first to know when new critical vulnerabilities affecting bingos module::load are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
BINGOS / Module::Load
0 < 0.22
References
blogs.perl.org: https://blogs.perl.org/users/michael_g_schwern/2011/10/how-not-to-load-a-module-or-bad-interfaces-make-good-people-do-bad-things.html metacpan.org: https://metacpan.org/release/BINGOS/Module-Load-0.22/diff/BINGOS/Module-Load-0.20/lib/Module/Load.pm metacpan.org: https://metacpan.org/release/BINGOS/Module-Load-0.22/changes