If a template is provided to Perl's Template Toolkit, can you ensure that the code generation inside Template Toolkit is sufficiently subsetted to be safe?
No, Template Toolkit suffers from multiple different ways to arbitrarily execute code, like this one used in CVE-2019-1978:
[% template.new({ 'BLOCK' => 'use Data::Dumper; print STDERR Dumper(\%ENV); die' }) %]
Do not trust user-provided templates. This bug is filed upstream here.
Evan Carroll
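The safe pattern the answer points at, as an added example that is not part of the original post: keep the template under developer control and pass user input only as data through the variables hash, so a directive inside a user value is emitted as text rather than parsed. The template string, the `render_greeting` helper and the constructed user value are assumptions for this illustration.

```perl
use strict;
use warnings;
use Template;

# Trusted template: written by the developer, never taken from the user.
my $TRUSTED_TEMPLATE = 'Hello, [% name | html %]!';

# Render the trusted template with user-supplied *data*. Template Toolkit
# does not re-parse variable values, so directives inside $name stay inert.
sub render_greeting {
    my ($name) = @_;
    my $tt = Template->new({
        EVAL_PERL => 0,   # the default; keeps [% PERL %] blocks disabled
    }) or die Template->error;

    my $out = '';
    $tt->process(\$TRUSTED_TEMPLATE, { name => $name }, \$out)
        or die $tt->error;
    return $out;
}

# Constructed user input that looks like a TT directive.
my $user_name = '[% template.new({ BLOCK => "die" }) %]';

# The directive is printed (HTML-escaped by the html filter), not evaluated,
# because it only ever entered the pipeline as a variable value.
print render_greeting($user_name), "\n";
```

The same separation is what breaks down when the template text itself comes from the user, which is why no configuration option substitutes for the "do not trust user-provided templates" rule.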