Subject: security vulnerabilities discovered on Win32API::File modules
Date: Sat, 12 Oct 2019 06:17:48 +0000
To: bug-Win32API-File [...] rt.cpan.org
From: "Jun Hua Bie" <biejunh [...] cn.ibm.com>
Hello Win32API-File bug team,
Sorry, please ignore the previous email if you received it.
We are using Strawberry Perl 5.30.0.1 and some Perl modules in our
application. According to the company's security policy, we ran static code
scanning on this open source code, but some security vulnerabilities were
discovered during scanning.
Win32API::File
Ungrouped Missing Setuid (PrivilegeEscalation, CWE-266)
CWE: 266
API: Missing Setuid
Caller:
src\perl32\lib\Win32API\File.pm at line 321 call open( $fh,
$pref."&=".(0+$fd)
src\perl32\lib\Win32API\File.pm at line 571 call >open(@_)
src\perl64\lib\Win32API\File.pm at line 321 call open( $fh,
$pref."&=".(0+$fd)
src\perl64\lib\Win32API\File.pm at line 571 call >open(@_)
src\perl32\lib\Win32API\File.pm at line 678 call >WRITE($buf,
length($buf)
src\perl64\lib\Win32API\File.pm at line 678 call >WRITE($buf,
length($buf)
Ungrouped File Open Mode Is User Modifiable (AccessControl.Bypass,
CWE-288)
CWE: 288
API: File Open Mode Is User Modifiable
Caller:
src\perl32\lib\Win32API\File.pm at line 321 call open( $fh,
$pref."&=".(0+$fd)
src\perl32\lib\Win32API\File.pm at line 571 call >open(@_)
src\perl64\lib\Win32API\File.pm at line 321 call open( $fh,
$pref."&=".(0+$fd)
src\perl64\lib\Win32API\File.pm at line 571 call >open(@_)
For the details, please refer to the following report:
Do you have any solution to fix these security issues? It is very
urgent for us to fix these issues for our project. Could you take it as
high priority?
Thanks in advance!
Best Regards,
Jun Hua Bie
Senior IT Specialist
Global Technical Service
IBM Service
Mobile: +86-138-2370-2390
mailto:biejunh@cn.ibm.com