|
|
Log in / Subscribe / Register

perl: tainted data laundering

Package(s):perl CVE #(s):
Created:April 14, 2011 Updated:April 20, 2011
Description: From the Perl advisory:

The current perlsec 5.13 man page still claims that "Laundering data using regular expression is the only mechanism for untainting dirty data", or by "using them as keys in a hash" - yet functions lc() and uc() are unwarrantedly laundering data too.

This holds true for v5.10.1, v5.12.3 and v5.13.10; but not for v5.8.8.

Alerts:
Fedora FEDORA-2011-4610 perl 2011-04-02
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds