Security Advisories (2)
CVE-2010-1168 (2010-06-21)

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

CVE-2010-1447 (2010-05-19)

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

Changes for version 2.08 - 2002-10-05

  • First CPAN release, prompted by bug number 17744 on rt.perl.org. http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
  • Change 17977 by rgs@rgs-home on 2002/10/04 20:01:54: Complement to change #17976: there was a similar bug on rdo(). Increment $Safe::VERSION.
  • Change 17976 by rgs@rgs-home on 2002/10/04 19:44:48: Fix bug #17744, suggested by Andreas Jurenda, tweaked by rgs (security hole in Safe).
  • Change 17973 by rgs@rgs-home on 2002/10/03 20:34:13: Change the warning message "%s trapped by operation mask" to include '' around the op name. Document it in perldiag.
  • Change 17729 by hv@hv-star.knots.net on 2002/08/17 02:33:15: Subject: [PATCH] Safe.pm documentation; From: Slaven Rezic <slaven.rezic@berlin.de>; Date: Sat, 10 Aug 2002 19:30:38 +0200 (CEST); Message-id: <200208101730.g7AHUc9p001668@vran.herceg.de>

Modules

Compile and execute code in restricted compartments