OESA-2025-1681

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1681

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1681.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2025-1681

Upstream

CVE-2011-10007

Published

2025-06-27T13:16:35Z

Modified

2025-09-03T06:30:57.966152Z

Summary

perl-File-Find-Rule security update

Details

File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories.

Security Fix(es):

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep() encounters a crafted filename.

A file handle is opened with the 2 argument form of open() allowing an attacker controlled filename to provide the MODE parameter to open(), turning the filename into a command to be executed.

Example:

$ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)(CVE-2011-10007)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP3 / perl-File-Find-Rule

Package

Name: perl-File-Find-Rule
Purl: pkg:rpm/openEuler/perl-File-Find-Rule&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.34-3.oe2203sp3

Ecosystem specific

{
    "src": [
        "perl-File-Find-Rule-0.34-3.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "perl-File-Find-Rule-0.34-3.oe2203sp3.noarch.rpm",
        "perl-File-Find-Rule-help-0.34-3.oe2203sp3.noarch.rpm"
    ]
}