Security
Security
A vulnerability has been discovered in File-Find-Rule, which can lead to shell injection.
| Package | dev-perl/File-Find-Rule on all architectures |
|---|---|
| Affected versions | < 0.350.0 |
| Unaffected versions | >= 0.350.0 |
File-Find-Rule is an alternative interface to File::Find.
File-Find-Rule uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames.
Shell injection may be used to execute arbitrary code using a malicious filename.
There is no known workaround at this time.
All File-Find-Rule users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-perl/File-Find-Rule-0.350.0"
Release date
June 12, 2025
Latest revision
June 12, 2025: 1
Severity
normal
Exploitable
local and remote
Bugzilla entries