CVE-2023-31484

CVSS V2 None CVSS V3 None
Description
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Overview
  • CVE ID
  • CVE-2023-31484
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Received
  • Published Version
  • 2023-04-29T00:15:09
  • Last Modified Date
  • 2023-04-29T00:15:09
References
Reference URL Reference Tags
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
https://github.com/andk/cpanpm/pull/175
https://metacpan.org/dist/CPAN/changes
https://www.openwall.com/lists/oss-security/2023/04/18/14
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-31484
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484
History
Created Old Value New Value Data Type Notes
2023-04-29 01:01:11 Added to TrackCVE