{"schema_version":"1.7.2","id":"OESA-2025-1646","modified":"2025-06-20T13:26:25Z","published":"2025-06-20T13:26:25Z","upstream":["CVE-2011-10007"],"summary":"perl-File-Find-Rule security update","details":"File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories.\n\nSecurity Fix(es):\n\nFile::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.\n\nA file handle is opened with the 2-argument form of `open()`, allowing an attacker-controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.\n\nExample:\n\n$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\"\n$ perl -MFile::Find::Rule \\\n    -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")'\nuid=1000(user) gid=1000(user) groups=1000(user),100(users)\n\n(CVE-2011-10007)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"perl-File-Find-Rule","purl":"pkg:rpm/openEuler/perl-File-Find-Rule\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.34-3.oe2203sp4"}]}],"ecosystem_specific":{"noarch":["perl-File-Find-Rule-0.34-3.oe2203sp4.noarch.rpm","perl-File-Find-Rule-help-0.34-3.oe2203sp4.noarch.rpm"],"src":["perl-File-Find-Rule-0.34-3.oe2203sp4.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1646"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2011-10007"}],"database_specific":{"severity":"High"}}