CVE-2011-10007

ADVISORY - debian

Summary

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep() encounters a crafted filename. A file handle is opened with the 2 argument form of open() allowing an attacker controlled filename to provide the MODE parameter to open(), turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)

libfile-find-rule-perl 0.34-4 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107311) https://lists.security.metacpan.org/cve-announce/msg/30183067/ https://rt.cpan.org/Public/Bug/Display.html?id=64504 https://github.com/richardc/perl-file-find-rule/pull/4 Fixed by: https://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f

EPSS Score⁠: 0.0006 (0.189)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impacted images

Advisories

Debian

CREATED

1 month ago

UPDATED

4 hours ago

ADVISORY IDCVE-2011-10007⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/libfile-find-rule-perl	deb	debian	12	<0.34-4~deb12u1	0.34-4~deb12u1
debian/libfile-find-rule-perl	deb	debian	unstable	<0.34-4	0.34-4
debian/libfile-find-rule-perl	deb	debian	13	<0.34-4	0.34-4
debian/libfile-find-rule-perl	deb	debian	11	<0.34-1+deb11u1	0.34-1+deb11u1

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDCVE-2011-10007⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-78⁠

CVSS SCORE

8.8high

Alpine

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDCVE-2011-10007⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 month ago

UPDATED

9 days ago

ADVISORY IDCVE-2011-10007⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

23 days ago

UPDATED

17 days ago

ADVISORY IDALSA-2025:9517⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

22 days ago

UPDATED

20 days ago

ADVISORY IDALSA-2025:9605⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDALAS2-2025-2891⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

28 days ago

UPDATED

23 days ago

ADVISORY IDALAS2-2025-2908⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

28 days ago

UPDATED

23 days ago

ADVISORY IDALAS2023-2025-1047⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

28 days ago

UPDATED

23 days ago

ADVISORY IDALAS2023-2025-1048⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

23 days ago

UPDATED

23 days ago

ADVISORY IDELSA-2025-9517⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

22 days ago

UPDATED

22 days ago

ADVISORY IDELSA-2025-9605⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY IDELSA-2025-9740⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY IDELSA-2025-9741⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh