Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name
Vulnerability Description
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
MetaCPAN File::Find::Rule 安全漏洞
Vulnerability Description
MetaCPAN File::Find::Rule是MetaCPAN基金会的一个文件查找模块。 MetaCPAN File::Find::Rule 0.34及之前版本存在安全漏洞,该漏洞源于处理特制文件名时使用open函数不当,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A