{"schema_version":"1.7.2","id":"OESA-2025-2608","modified":"2025-10-31T14:13:52Z","published":"2025-10-31T14:13:52Z","upstream":["CVE-2011-10007"],"summary":"perl-File-Find-Rule security update","details":"File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories.\n\nSecurity Fix(es):\n\nFile::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.\n\nA file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.\n\nExample:\n\n$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\"\n$ perl -MFile::Find::Rule \\\n    -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")'\nuid=1000(user) gid=1000(user) groups=1000(user),100(users)(CVE-2011-10007)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP2","name":"perl-File-Find-Rule","purl":"pkg:rpm/openEuler/perl-File-Find-Rule&distro=openEuler-24.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.34-4.oe2403sp2"}]}],"ecosystem_specific":{"noarch":["perl-File-Find-Rule-0.34-4.oe2403sp2.noarch.rpm","perl-File-Find-Rule-help-0.34-4.oe2403sp2.noarch.rpm"],"src":["perl-File-Find-Rule-0.34-4.oe2403sp2.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2608"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2011-10007"}],"database_specific":{"severity":"High"}}
