A flaw was foundin perl-dbi before version. DBD::File drivers would open files from folders other than specifically passed using the f_dir attribute. Upstream patch: https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
The fix was released by upstream in DBI-1.632.
Statement: perl-DBI as shipped in Red Hat Enterprise Linux 8, rhscl-3 rh-perl526-perl-DBI and rhscl-3 rh-perl530-perl-DBI are notaffected by this flaw as the vulnerable code has already been patched in versions of perl-DBI shipped in these products.
External References: Advisory: https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014 Upstream Bug: https://rt.cpan.org/Public/Bug/Display.html?id=99508