{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2011-10007", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2025-06-05T01:05:46.861Z", "datePublished": "2025-06-05T11:57:58.654Z", "dateUpdated": "2025-06-11T12:27:11.870Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "File-Find-Rule", "product": "File::Find::Rule", "programFiles": ["lib/File/Find/Rule.pm"], "programRoutines": [{"name": "grep"}], "repo": "https://github.com/richardc/perl-file-find-rule", "vendor": "RCLAMP", "versions": [{"lessThanOrEqual": "0.34", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.<br><br>A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.<br><br>Example:<br><br><tt>$ mkdir /tmp/poc; echo &gt; \"/tmp/poc/|id\"<br>$ perl -MFile::Find::Rule \\<br>&nbsp; &nbsp; -E 'File::Find::Rule-&gt;grep(\"foo\")-&gt;in(\"/tmp/poc\")'<br>uid=1000(user) gid=1000(user) groups=1000(user),100(users)<br></tt><br><br>"}], "value": "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.\n\nA file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.\n\nExample:\n\n$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\"\n$ perl -MFile::Find::Rule \\\n\u00a0 \u00a0 -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")'\nuid=1000(user) gid=1000(user) groups=1000(user),100(users)"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2025-06-11T12:27:11.870Z"}, "references": [{"url": "https://metacpan.org/release/RCLAMP/File-Find-Rule-0.34/source/lib/File/Find/Rule.pm#L423"}, {"tags": ["issue-tracking", "exploit"], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=64504"}, {"tags": ["issue-tracking"], "url": "https://github.com/richardc/perl-file-find-rule/pull/4"}, {"tags": ["patch"], "url": "https://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users should update to a fixed version such as 0.35 or later, or apply the patch provided in the references section, or use a patched version provided by their OS distribution"}], "value": "Users should update to a fixed version such as 0.35 or later, or apply the patch provided in the references section, or use a patched version provided by their OS distribution"}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2011-01-04T23:00:00.000Z", "value": "A bug was reported by Kevin Ryde to the upstream RT bugtracker described as \"grep() can truncate files\"."}, {"lang": "en", "time": "2025-06-04T22:00:00.000Z", "value": "CPANSec became aware of the bug and started triage. Code execution impact was confirmed, a patch was made, and the author, the distros list and additional downstream vendors were notified."}, {"lang": "en", "time": "2025-06-05T15:32:01.000Z", "value": "The author released File::Find::Rule 0.35."}], "title": "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://github.com/richardc/perl-file-find-rule/pull/4", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-05T13:22:25.420367Z", "id": "CVE-2011-10007", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-05T14:06:56.992Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00006.html"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/05/4"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/06/1"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/06/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-06T03:23:36.825Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00006.html"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/05/4"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/06/1"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/06/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-06T03:23:36.825Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2011-10007", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-05T13:22:25.420367Z"}}}], "references": [{"url": "https://github.com/richardc/perl-file-find-rule/pull/4", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-05T13:17:58.772Z"}}], "cna": {"title": "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name", "source": {"discovery": "UNKNOWN"}, "affected": [{"repo": "https://github.com/richardc/perl-file-find-rule", "vendor": "RCLAMP", "product": "File::Find::Rule", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "0.34"}], "packageName": "File-Find-Rule", "programFiles": ["lib/File/Find/Rule.pm"], "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "programRoutines": [{"name": "grep"}]}], "timeline": [{"lang": "en", "time": "2011-01-04T23:00:00.000Z", "value": "A bug was reported by Kevin Ryde to the upstream RT bugtracker described as \"grep() can truncate files\"."}, {"lang": "en", "time": "2025-06-04T22:00:00.000Z", "value": "CPANSec became aware of the bug and started triage. Code execution impact was confirmed, a patch was made, and the author, the distros list and additional downstream vendors were notified."}, {"lang": "en", "time": "2025-06-05T15:32:01.000Z", "value": "The author released File::Find::Rule 0.35."}], "solutions": [{"lang": "en", "value": "Users should update to a fixed version such as 0.35 or later, or apply the patch provided in the references section, or use a patched version provided by their OS distribution", "supportingMedia": [{"type": "text/html", "value": "Users should update to a fixed version such as 0.35 or later, or apply the patch provided in the references section, or use a patched version provided by their OS distribution", "base64": false}]}], "references": [{"url": "https://metacpan.org/release/RCLAMP/File-Find-Rule-0.34/source/lib/File/Find/Rule.pm#L423"}, {"url": "https://rt.cpan.org/Public/Bug/Display.html?id=64504", "tags": ["issue-tracking", "exploit"]}, {"url": "https://github.com/richardc/perl-file-find-rule/pull/4", "tags": ["issue-tracking"]}, {"url": "https://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.\n\nA file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.\n\nExample:\n\n$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\"\n$ perl -MFile::Find::Rule \\\n\u00a0 \u00a0 -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")'\nuid=1000(user) gid=1000(user) groups=1000(user),100(users)", "supportingMedia": [{"type": "text/html", "value": "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.<br><br>A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.<br><br>Example:<br><br><tt>$ mkdir /tmp/poc; echo &gt; \"/tmp/poc/|id\"<br>$ perl -MFile::Find::Rule \\<br>&nbsp; &nbsp; -E 'File::Find::Rule-&gt;grep(\"foo\")-&gt;in(\"/tmp/poc\")'<br>uid=1000(user) gid=1000(user) groups=1000(user),100(users)<br></tt><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2025-06-11T12:27:11.870Z"}}}, "cveMetadata": {"cveId": "CVE-2011-10007", "state": "PUBLISHED", "dateUpdated": "2025-06-11T12:27:11.870Z", "dateReserved": "2025-06-05T01:05:46.861Z", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "datePublished": "2025-06-05T11:57:58.654Z", "assignerShortName": "CPANSec"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.\n\nA file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.\n\nExample:\n\n$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\"\n$ perl -MFile::Find::Rule \\\n\u00a0 \u00a0 -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")'\nuid=1000(user) gid=1000(user) groups=1000(user),100(users)"}], "id": "CVE-2011-10007", "lastModified": "2025-06-06T04:15:41.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-05T12:15:22.807", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://github.com/richardc/perl-file-find-rule/pull/4"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://metacpan.org/release/RCLAMP/File-Find-Rule-0.34/source/lib/File/Find/Rule.pm#L423"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=64504"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/06/05/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/06/06/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/06/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00006.html"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/richardc/perl-file-find-rule/pull/4"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:9740", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "perl-File-Find-Rule-Perl-0:1.13-2.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-06-26T00:00:00Z"}, {"advisory": "RHSA-2025:9741", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "perl-File-Find-Rule-0:0.33-5.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-06-26T00:00:00Z"}, {"advisory": "RHSA-2025:9605", "cpe": "cpe:/a:redhat:enterprise_linux:8::crb", "package": "perl-File-Find-Rule-0:0.34-9.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-25T00:00:00Z"}, {"advisory": "RHSA-2025:9517", "cpe": "cpe:/a:redhat:enterprise_linux:9::crb", "package": "perl-File-Find-Rule-0:0.34-19.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9658", "cpe": "cpe:/a:redhat:rhel_eus:9.4::crb", "package": "perl-File-Find-Rule-0:0.34-19.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-25T00:00:00Z"}], "bugzilla": {"description": "perl-file-find-rule: File::Find::Rule Arbitrary Code Execution", "id": "2370424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370424"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-78", "details": ["File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.\nA file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.\nExample:\n$ mkdir /tmp/poc; echo > \"/tmp/poc/|id\"\n$ perl -MFile::Find::Rule \\\n\u00a0 \u00a0 -E 'File::Find::Rule->grep(\"foo\")->in(\"/tmp/poc\")'\nuid=1000(user) gid=1000(user) groups=1000(user),100(users)", "A flaw was found in perl-file-find-rule. The `grep()` function within `File::Find::Rule` versions up to 0.34 is vulnerable to arbitrary code execution if provided with a specially crafted filename. This vulnerability allows an attacker to supply a filename that, when opened, executes arbitrary code via the `open()` function's mode parameter. Consequently, an attacker can achieve remote code execution by providing a malicious filename."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2011-10007", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "perl-File-Find-Rule", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "perl-File-Find-Rule-Perl", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2025-06-05T11:57:58Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-10007\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-10007\nhttps://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch\nhttps://github.com/richardc/perl-file-find-rule/pull/4\nhttps://lists.debian.org/debian-lts-announce/2025/06/msg00006.html\nhttps://metacpan.org/release/RCLAMP/File-Find-Rule-0.34/source/lib/File/Find/Rule.pm#L423\nhttps://rt.cpan.org/Public/Bug/Display.html?id=64504"], "statement": "This vulnerability marked as Important rather than Moderate because it enables arbitrary code execution (ACE) through a common and trusted interface\u2014filename handling. Specifically, the use of Perl\u2019s two-argument open() within the grep() method allows attacker-controlled filenames to be interpreted as shell commands when prefixed with special characters like |. Since File::Find::Rule is often used in automation scripts, system utilities, and recursive file operations, this flaw transforms a seemingly benign filename input into an execution vector, violating a core security boundary between data and code. The vulnerability does not require elevated privileges or complex exploitation chains; a single crafted filename is enough to trigger shell execution, making the flaw exploitable in real-world scenarios such as CI/CD pipelines or file indexing systems.", "threat_severity": "Important"}