A flaw was foundin perl-dbi before version. DBD::File drivers would open files from folders other than specifically passed using the f_dir attribute.
The fix was released by upstream in DBI-1.632.
perl-DBI as shipped in Red Hat Enterprise Linux 8, rhscl-3 rh-perl526-perl-DBI and rhscl-3 rh-perl530-perl-DBI are notaffected by this flaw as the vulnerable code has already been patched in versions of perl-DBI shipped in these products.
Upstream Bug: https://rt.cpan.org/Public/Bug/Display.html?id=99508