Security Advisories (1)
CVE-2011-10007 (2025-06-05)

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the two-argument form of `open()`, allowing an attacker-controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.

Example:

    $ mkdir /tmp/poc; echo > "/tmp/poc/|id"
    $ perl -MFile::Find::Rule \
        -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'
    uid=1000(user) gid=1000(user) groups=1000(user),100(users)
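The three-argument form of `open()` takes the mode as a separate fixed argument, so a filename can never supply it. The following Perl sketch is an added example, not File::Find::Rule's own code or its fix; `has_open_magic` and `file_matches` are hypothetical helper names and the sample tree is constructed. It flags names that two-argument `open()` would treat specially and shows a content match that reads them only as files.

```perl
#!/usr/bin/env perl
# Added example: not File::Find::Rule's code. Helper names are hypothetical.
use strict;
use warnings;
use File::Find ();
use File::Temp qw(tempdir);
use File::Spec;

# True if two-argument open() would read a mode out of this name
# instead of treating it as a plain path.
sub has_open_magic {
    my ($name) = @_;
    return $name =~ /\A\s*[|<>+]/      # leading pipe or redirection mode
        || $name =~ /\|\s*\z/          # trailing pipe: run as a command
        || $name =~ /\A\s|\s\z/        # whitespace that 2-arg open strips
        || $name eq '-';               # alias for STDIN/STDOUT
}

# Content match using three-argument open(): the mode is the fixed
# string '<', so the name can only ever be a path.
sub file_matches {
    my ($path, $re) = @_;
    open(my $fh, '<', $path) or return 0;
    while (my $line = <$fh>) {
        return 1 if $line =~ $re;
    }
    return 0;
}

# Constructed sample tree: one ordinary file, one named like the advisory's example.
my $dir = tempdir(CLEANUP => 1);
for my $name ('notes.txt', '|id') {
    open(my $out, '>', File::Spec->catfile($dir, $name)) or die "create $name: $!";
    print {$out} "foo\n";
    close($out);
}

File::Find::find({ no_chdir => 1, wanted => sub {
    return unless -f $File::Find::name;
    my $leaf = (File::Spec->splitpath($File::Find::name))[2];
    printf "%-10s magic=%s match=%s\n", $leaf,
        has_open_magic($leaf) ? 'yes' : 'no',
        file_matches($File::Find::name, qr/foo/) ? 'yes' : 'no';
}}, $dir);
```

Both files are reported as matching `foo`, and only `|id` is flagged; no external command runs because the name is never parsed for a mode.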

Changes for version 0.31

  • Move to Makefile.PL
  • use Test::Differences in the testsuite if available.
  • Rearrange the testsuite so you don't keep tripping over yourself.
  • Dropped 5.00503 backwards compatibility, allows some 5.6isms and dropping the shonky Cwd code.
  • All taint 'bugs' are now the same as the behaviour of File::Find, documentation has been added to describe this.

Documentation

command line wrapper to File::Find::Rule
the mini-guide to extending File::Find::Rule
File::Find::Rule's procedural interface

Modules

Alternative interface to File::Find

Provides

in testdir/lib/File/Find/Rule/Test/ATeam.pm