Do you know where your variables are? | |
PerlMonks |
Re^6: One liner with globs on Windows to parse .srt filesby jcb (Parson) |
on May 15, 2021 at 02:30 UTC ( [id://11132618]=note: print w/replies, xml ) | Need Help?? |
This is substantially the same logic quirk as the old "ShellShock" bug in bash. Both of these take an expected "data" value (although here the "data" is the name of a module to import instead of the body of a shell function) and then execute code given after that value in the same string. The best argument against calling this a security issue is that it must be either given on the command line or in $PERL5OPT — and you have bigger problems if either of those is within an attacker's control.
In Section
Seekers of Perl Wisdom
|
|