/ 
Safe-2.15
River stage four • 35 direct dependents • 2400 total dependents
Security Advisories (2)
CVE-2010-1168 (2010-06-21)

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

CVE-2010-1447 (2010-05-19)

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

Changes for version 2.15

  • Change 33238 on 2008/02/05 by rgs@stcosmo Adapt Safe innards to older (XS) versions of version.pm
  • Change 33237 on 2008/02/05 by rgs@stcosmo Add a new test for Safe
  • Change 33236 on 2008/02/05 by rgs@stcosmo Fix CPAN bug #32896: make version.pm loadable in a Safe compartment
  • Change 33170 on 2008/02/01 by nicholas@nicholas-bouvard Break apart the list of functions defined in universal.c by perl version (from 5.8.8 upwards)

Modules

Safe
Compile and execute code in restricted compartments

Other files