Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re^6: One liner with globs on Windows to parse .srt files

by jcb (Parson)
on May 15, 2021 at 02:30 UTC ( [id://11132618] : note . print w/replies, xml ) Need Help??


in reply to Re^5: One liner with globs on Windows to parse .srt files
in thread One liner with globs on Windows to parse .srt files

This is substantially the same logic quirk as the old "ShellShock" bug in bash. Both of these take an expected "data" value (although here the "data" is the name of a module to import instead of the body of a shell function) and then execute code given after that value in the same string.

The best argument against calling this a security issue is that it must be either given on the command line or in $PERL5OPT — and you have bigger problems if either of those is within an attacker's control.

  • Comment on Re^6: One liner with globs on Windows to parse .srt files