CGI::Application and recent bash security hole
gvimrc at gmail.com
Fri Sep 26 02:41:13 BST 2014
On 25/09/2014 17:59, Sue Spence wrote:
> Is your system shell bash? Does your application have any code which shells
> out to that (system(), ``, qx() etc)? If so, then probably yes.
No, I think I'm safe as the application merely takes in form data,
scrubs it and enters them it into a database before passing the user to
a list of options which, once one is selected, result in a handful of
emails being sent out using MIME::Lite::TT and Email::Address.
More information about the london.pm