OESA-2025-2608
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2608
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2608.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2025-2608
- Upstream
- Published
- 2025-10-31T14:13:52Z
- Modified
- 2025-10-31T19:19:43.768147Z
- Summary
- perl-File-Find-Rule security update
- Details
-
File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories. %package help Summary : Alternative interface to File::Find Provides: perl-File-Find-Rule-doc %description help File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories. %prep %setup -q -n File-Find-Rule- %build export PERLMMOPT="" Makefile.PL INSTALLDIRS=vendor make
Security Fix(es):
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when
grep()encounters a crafted filename.A file handle is opened with the 2 argument form of
open()allowing an attacker controlled filename to provide the MODE parameter toopen(), turning the filename into a command to be executed.Example:
$ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)(CVE-2011-10007)
- Database specific
{ "severity": "High" }- References