New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
regex injection allows arbitrary execution using dynamic method lookup #6168
Comments
From @LLFournmy $regex-from-user = '{ shell "/bin/sh" }'; |
From @skidsOn Thu, 30 Mar 2017 05:41:29 -0700, lloyd.fourn@gmail.com wrote:
rakudo PR 1168 has been submitted to deal with this issue. |
The RT System itself - Status changed from 'new' to 'open' |
From @skidsOn Sat, 23 Sep 2017 06:59:18 -0700, bri@abrij.org wrote:
That patch is in now, but Zoffix pointed out that these cases still fall through the cracks. See the PR notes for ongoing progress. |
From @zoffixznetPR is now merged: rakudo/rakudo#1168 |
From @skidsOn Fri, 29 Sep 2017 12:05:52 -0700, cpan@zoffix.com wrote:
Tests now merged into roast via commit 6ae5f8ee2, so resolving this ticket. |
@skids - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#131079 (status was 'resolved')
Searchable as RT131079$
The text was updated successfully, but these errors were encountered: