Fedora Account System
Red Hat Associate
Red Hat Customer
It was found that the Encode perl5 module attempts to load modules located within the current directory. An attacker with write access to a directory where Perl is run from could use this flaw to execute perl code when the Encode module is loaded.
The flaw was introduced in p5-Encode 3.05 via https://github.com/dankogai/p5-encode/commit/9c5f5a30
Created perl-Encode tracking bugs for this issue: Affects: fedora-all [bug 1991539] Created perl-bootstrap:5.30/perl-Encode tracking bugs for this issue: Affects: fedora-all [bug 1991540] Created perl-bootstrap:5.32/perl-Encode tracking bugs for this issue: Affects: fedora-all [bug 1991541] Created perl:5.30/perl-Encode tracking bugs for this issue: Affects: fedora-all [bug 1991542] Created perl:5.32/perl-Encode tracking bugs for this issue: Affects: fedora-all [bug 1991543]
Upstream fix : https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74