tamirverthim / src

Public git conversion mirror of OpenBSD's official cvs src repository.
https://www.openbsd.org

WS-2023-0109 (Medium) detected in CPAN2.20 - autoclosed #72

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago

WS-2023-0109 - Medium Severity Vulnerability

Vulnerable Library - CPAN2.20

Library home page: https://metacpan.org/pod/CPAN

Vulnerable Source Files (3)

/gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/HTTP/Client.pm
/gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/HTTP/Client.pm
/gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/HTTP/Client.pm

Vulnerability Details

Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules

Publish Date: 2023-04-19

URL: WS-2023-0109

CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://seclists.org/oss-sec/2023/q2/68

Release Date: 2023-04-19

Fix Resolution: 2.35-TRIAL

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.