关键信息 漏洞描述: - Capture::Tiny insecurely using . - The vulnerability involves the insecure use of where a flag file is used to signal that the child process is ready. 问题详情: - Original report: Debian BTS - First temporary file is created securely, but the second call lacks the flag. 相关代码: - documentation notes: When called in scalar context, returns the full name (including path) of a temporary file (uses mktemp()). Only checks that the file does not already exist, but no guarantee that this condition will continue to apply. 修复信息: - Fixed in commit: 635c9ea - Shipped to CPAN as version 0.24. 状态: - Issue is closed and marked as completed on Feb 7, 2014.