Security Advisories (1)

CVE-2026-4851 (2026-03-29)

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary code back on the client through unsafe deserialization in the RPC protocol. read_operation() in lib/GRID/Machine/Message.pm deserialises values from the remote side using eval() $arg .= '$VAR1'; my $val = eval "no strict; $arg"; # line 40-41 $arg is raw bytes from the protocol pipe. A compromised remote host can embed arbitrary perl in the Dumper-formatted response: $VAR1 = do { system("..."); }; This executes on the client silently on every RPC call, as the return values remain correct. This functionality is by design but the trust requirement for the remote host is not documented in the distribution.

https://www.openwall.com/lists/oss-security/2026/03/26/6

NAME

Makefile.PL - Makefile generator for GRID::Machine. Developer notes

SYNOPSIS

When working as a developer place in etc/ a script to customize your environment, then do s.t. like:

source etc/casianoperl5lib

to set the appropriate environment variables. Some variables to set are:

PATH                  to execute scripts
PERL5LIB              to find any modules required
DEVELOPER             used by many skip tests
GRID_REMOTE_MACHINE   the remote machine used for testing (see C<t/*.t> files)
MACHINES              a white space string containing the machines
                      for the 'remotetest' target

To build the documentation, you need Template installed. Issue the command:
```
$ make -f makepods
```
and the .pod files will be built from the templates in tt2/
To build the *.html files:
```
$ make -f makepods html
```
To build pdf files:
```
make -f makepods pdf
```
To delete generated docs (*.html, *.pdf, etc.)
```
make -f makepods clean
```
To run the tests on remote machines:
```
make remotetest
```
(Set the environment variable GRID_REMOTE_MACHINE to the remote machine.
To use Devel::Cover to study test coverage:
```
make coverage
```
To produce tags:
```
make tags
```

DEPENDENCIES

To use this Makefile.PL as developer is convenient to have installed:

Template toolkit
Pod2LaTeX
LaTeX
mpod2html
Devel::Cover

AUTHOR

Casiano Rodriguez-Leon (casiano@ull.es)

LICENCE AND COPYRIGHT

These modules are free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

To install GRID::Machine, copy and paste the appropriate command in to your terminal.

cpanm

cpanm GRID::Machine

CPAN shell

perl -MCPAN -e shell
install GRID::Machine

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DEPENDENCIES

AUTHOR

LICENCE AND COPYRIGHT

Module Install Instructions

Keyboard Shortcuts