CGI::Application and recent bash security hole

gvim gvimrc at gmail.com
Fri Sep 26 02:41:13 BST 2014


On 25/09/2014 17:59, Sue Spence wrote:
> Is your system shell bash? Does your application have any code which shells
> out to that (system(), ``, qx() etc)?  If so, then probably yes.
>
>

No, I think I'm safe as the application merely takes in form data, 
scrubs it and enters them it into a database before passing the user to 
a list of options which, once one is selected, result in a handful of 
emails being sent out using MIME::Lite::TT and Email::Address.

gvim


More information about the london.pm mailing list