Launchpad.net

CVE 2017-6512

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

See the CVE page on Mitre.org for more details.