diff --git a/Encode-3.08-mitigate-INC-pollution-when-loading-ConfigLocal.patch b/Encode-3.08-mitigate-INC-pollution-when-loading-ConfigLocal.patch
new file mode 100644
index 0000000..a18161a
--- /dev/null
+++ b/Encode-3.08-mitigate-INC-pollution-when-loading-ConfigLocal.patch
@@ -0,0 +1,27 @@
+From 3772892b334a631b7bbf9a8ffbcb19e327d96e29 Mon Sep 17 00:00:00 2001
+From: Ricardo Signes
+Date: Sat, 17 Jul 2021 14:46:10 -0400
+Subject: [PATCH] mitigate @INC pollution when loading ConfigLocal
+
+---
+ Encode.pm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Encode.pm b/Encode.pm
+index a56a999..9691382 100644
+--- a/Encode.pm
++++ b/Encode.pm
+@@ -65,8 +65,8 @@ require Encode::Config;
+ eval {
+ local $SIG{__DIE__};
+ local $SIG{__WARN__};
+- local @INC = @INC || ();
+- pop @INC if $INC[-1] eq '.';
++ local @INC = @INC;
++ pop @INC if @INC && $INC[-1] eq '.';
+ require Encode::ConfigLocal;
+ };
+
+--
+2.30.1 (Apple Git-130)
+
diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..c190bde
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+ - rhel-9
+decision_context: osci_compose_gate
+rules:
+ - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
diff --git a/perl-Encode.spec b/perl-Encode.spec
index c17802f..0e0049d 100644
--- a/perl-Encode.spec
+++ b/perl-Encode.spec
@@ -8,7 +8,7 @@ Version: %{cpan_version}
 # perl-encoding sub-package has independent version which does not change
 # often and consecutive builds would clash on perl-encoding NEVRA. This is the
 # same case as in perl.spec.
-Release: 461%{?dist}
+Release: 462%{?dist}
 Summary: Character encodings in Perl
 # ucm: UCD
 # bin/encguess: Artistic 2.0
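Review bot: In the Encode.pm hunk carried by the new .patch file, the guard `pop @INC if @INC && $INC[-1] eq '.';` removes `.` only when it is the last entry of the copied `@INC`, so a `.` at another position, or any other relative entry, would still be searched when the optional `Encode::ConfigLocal` is required. If the intent is that this module is never picked up from the working directory, filtering the copy states that directly: `local @INC = grep { $_ ne '.' } @INC;`. A comment above the assignment such as `# list copy on purpose: "@INC || ()" put @INC in scalar context and left a bogus relative entry` would keep the `||` form from being reintroduced. The patch touches only Encode.pm (1 file changed), so no regression test for the load path comes with it.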
@@ -16,6 +16,8 @@ Summary: Character encodings in Perl
 License: (GPL+ or Artistic) and Artistic 2.0 and UCD
 URL: https://metacpan.org/release/Encode
 Source0: https://cpan.metacpan.org/authors/id/D/DA/DANKOGAI/Encode-%{cpan_version}.tar.gz
+# Encode.pm does not load code from outside expected @INC (rhbz#1984005, CVE-2021-36770)
+Patch0: Encode-3.08-mitigate-INC-pollution-when-loading-ConfigLocal.patch
 BuildRequires: findutils
 BuildRequires: gcc
 BuildRequires: make
@@ -127,6 +129,7 @@ your own encoding to perl. No knowledge of XS is necessary.
 %prep
 %setup -q -n Encode-%{cpan_version}
+%patch0 -p1
 %build
 # Additional scripts can be installed by appending MORE_SCRIPTS, UCM files by
@@ -170,6 +173,10 @@ make test
 %{perl_vendorarch}/Encode/encode.h
 %changelog
+* Tue Aug 10 2021 Jitka Plesnikova - 4:3.08-462
+- Resolves: rhbz#1984005, CVE-2021-36770 - mitigate @INC pollution when
+ loading ConfigLocal
+
 * Mon Aug 09 2021 Mohan Boddu - 4:3.08-461
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
 Related: rhbz#1991688