Open mend-for-github-com[bot] opened 1 year ago
CVE-2023-31484 - High Severity Vulnerability
Vulnerable Library - CPAN2.20
Library home page: https://metacpan.org/pod/CPAN
Vulnerable Source Files (3)
- /gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/HTTP/Client.pm
- /gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/HTTP/Client.pm
- /gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/HTTP/Client.pm
Vulnerability Details
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Publish Date: 2023-04-29
URL: CVE-2023-31484
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://seclists.org/oss-sec/2023/q2/68
Release Date: 2023-04-28
Fix Resolution: 2.35-TRIAL