Home
Packages
Report
Policy
Login
Signup
« List of all CVEs
CVE-2023-31484
Published:
4/28/2023
Last updated:
8/2/2024
Reserved:
4/28/2023
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
CNA assigner:
mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca)
Requested by:
n/a
Metrics
Version
Score
Severity
Vector String
3.1
8.1
High
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Opam packages affected (3)
bap-std
conf-perl
goblint-cil
Products affected (1)
Product
Vendor
Version
n/a
n/a
<= 7.8.4
References (22)
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
https://www.openwall.com/lists/oss-security/2023/04/18/14
https://github.com/andk/cpanpm/pull/175
https://metacpan.org/dist/CPAN/changes
http://www.openwall.com/lists/oss-security/2023/04/29/1
http://www.openwall.com/lists/oss-security/2023/05/03/3
http://www.openwall.com/lists/oss-security/2023/05/03/5
http://www.openwall.com/lists/oss-security/2023/05/07/2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
https://security.netapp.com/advisory/ntap-20240621-0007/
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
https://www.openwall.com/lists/oss-security/2023/04/18/14
https://github.com/andk/cpanpm/pull/175
https://metacpan.org/dist/CPAN/changes
http://www.openwall.com/lists/oss-security/2023/04/29/1
http://www.openwall.com/lists/oss-security/2023/05/03/3
http://www.openwall.com/lists/oss-security/2023/05/03/5
http://www.openwall.com/lists/oss-security/2023/05/07/2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
https://security.netapp.com/advisory/ntap-20240621-0007/