The Perl open() function has several forms. The perlfunc(1) manpage lists the following:

...

This code suffers from the same vulnerability as the first noncompliant code example. The <ARGV> operator opens every file provided in the @ARGV array and returns a line from each file. Unfortunately, it uses the two-argument form of open() to accomplish this. If any element of @ARGV begins or ends with |, it is interpreted as a shell command and executed.

...

The <> operator is a synonym for <ARGV> and has the same behavior, with the same vulnerability.

...

This code suffers from the same vulnerability as the previous noncompliant code example. The -n argument instructs Perl to open every file in the command line (in this case, every file in the current directory) and return a line from each file. If any argument in the command begins or ends with |, it is interpreted as a shell command and executed. In this manner, the -n operator acts exactly like the two-argument form of open().

...

This code suffers from the same vulnerability as the previous noncompliant code example. The -p argument instructs Perl to open every file in the command line (in this case, every file in the current directory) and return a line from each file. Unlike -n, -p also instructs Perl to print the line read (stored in $_) at the end of each iteration of its implicit loop. If any argument in the command begins or ends with |, it is interpreted as a shell command and executed. In this manner, the -n operator acts exactly like the two-argument form of open().

...
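The following is an added example, not code from this page or from the standard it belongs to. It replaces the implicit loop of <ARGV>, <>, -n and -p with an explicit loop that uses the three-argument form of open(), so each argument is treated as a literal file name. The subroutine name read_files_literally, the file name notes.txt and the argument list are assumptions constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Read every named file with the three-argument open(), so the name is
# always a literal path and never a mode or pipe specification.
sub read_files_literally {
    my @names = @_;
    my (@lines, @skipped);
    for my $name (@names) {
        # Explicit '<' mode: a leading or trailing '|', '>' or space in
        # $name is just a character in a file name.
        if (open(my $fh, '<', $name)) {
            push @lines, <$fh>;
            close($fh);
        } else {
            push @skipped, "$name: $!";
        }
    }
    return (\@lines, \@skipped);
}

# Constructed sample input: one ordinary file plus a name that the
# two-argument open() behind <ARGV>, <>, -n and -p would treat as a command.
my $dir  = tempdir(CLEANUP => 1);
my $good = File::Spec->catfile($dir, 'notes.txt');   # hypothetical file name
open(my $out, '>', $good) or die "cannot create $good: $!";
print {$out} "first line\nsecond line\n";
close($out) or die "cannot close $good: $!";

my @args = ($good, 'echo SHOULD-NOT-RUN |');         # constructed arguments

my ($lines, $skipped) = read_files_literally(@args);
print "read: $_" for @$lines;
print "skipped: $_\n" for @$skipped;

# On Perl 5.22 or later, the double-diamond operator gives the same
# literal-filename treatment to the implicit @ARGV loop:
#     while (my $line = <<>>) { print $line; }
```

The second argument is reported as a missing file instead of being run, because the explicit '<' mode leaves no room for the name to select a pipe.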