CVE-2011-10007
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)
Reserved 2025-06-05 | Published 2025-06-05 | Updated 2025-06-06 | Assigner CPANSecCWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| 2011-01-04: | A bug was reported by Kevin Ryde to the upstream RT bugtracker described as "grep() can truncate files". |
| 2025-06-04: | CPANSec became aware of the bug and started triage. Code execution impact was confirmed, a patch was made, and the author, the distros list and additional downstream vendors were notified. |
metacpan.org/...-Find-Rule-0.34/source/lib/File/Find/Rule.pm
rt.cpan.org/Public/Bug/Display.html?id=64504
github.com/richardc/perl-file-find-rule/pull/4
github.com/...df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch
Support options
