CVE-2011-10007

Source
https://nvd.nist.gov/vuln/detail/CVE-2011-10007
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-10007.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2011-10007
Published
2025-06-05T12:15:22Z
Modified
2025-06-10T05:51:25.310547Z
Summary
[none]
Details

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep() encounters a crafted filename.

A file handle is opened with the 2-argument form of open(), which allows an attacker-controlled filename to supply the MODE parameter to open(), turning the filename into a command to be executed.

Example:

$ mkdir /tmp/poc; echo > "/tmp/poc/|id"
$ perl -MFile::Find::Rule \
    -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'
uid=1000(user) gid=1000(user) groups=1000(user),100(users)
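The hardened counterpart of the pattern described above, as an added example that is not File::Find::Rule's own code: it uses the core File::Find module and the 3-argument form of open(), so the filename can never supply the mode. The helper names grep_file and grep_tree and the sample tree are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not the module's code): search file contents under a
# directory without letting a filename choose the open() mode.
use strict;
use warnings;
use File::Find ();
use File::Spec;
use File::Temp qw(tempdir);

# Vulnerable pattern from the advisory, shown only as a comment and never run:
#     open FILE, $path;    # 2-argument form: a leading "|" makes $path a command
# Hardened pattern: the mode is its own literal argument, so $path is only
# ever treated as a path on disk.
sub grep_file {
    my ($path, $re) = @_;
    open(my $fh, '<', $path) or return 0;    # 3-argument open, read-only
    my $found = 0;
    while (my $line = <$fh>) {
        if ($line =~ $re) { $found = 1; last; }
    }
    close $fh;
    return $found;
}

# Walk $dir and return the sorted list of regular files whose content matches.
sub grep_tree {
    my ($dir, $re) = @_;
    my @hits;
    File::Find::find({
        no_chdir => 1,                        # keep full paths in $File::Find::name
        wanted   => sub {
            my $path = $File::Find::name;
            return unless -f $path;           # stat only, nothing is opened here
            push @hits, $path if grep_file($path, $re);
        },
    }, $dir);
    @hits = sort @hits;
    return @hits;
}

# Constructed sample tree: an ordinary file and one named like the advisory's.
my $dir = tempdir(CLEANUP => 1);
for my $name ('notes.txt', '|id') {
    open(my $out, '>', File::Spec->catfile($dir, $name)) or die "create $name: $!";
    print {$out} "foo\n";
    close $out;
}

# Both files are read as data and both paths are listed; no command runs.
print "$_\n" for grep_tree($dir, qr/foo/);
```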

Affected packages

Debian:11 / libfile-find-rule-perl

Package

Name
libfile-find-rule-perl
Purl
pkg:deb/debian/libfile-find-rule-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.34-1+deb11u1

Affected versions

0.*

0.34-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libfile-find-rule-perl

Package

Name
libfile-find-rule-perl
Purl
pkg:deb/debian/libfile-find-rule-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.34-4~deb12u1

Affected versions

0.*

0.34-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libfile-find-rule-perl

Package

Name
libfile-find-rule-perl
Purl
pkg:deb/debian/libfile-find-rule-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.34-4

Affected versions

0.*

0.34-3
0.34-4~deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}