CVE-2023-31486

CVSS V2 None CVSS V3 None

Description

HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

Overview

CVE ID
CVE-2023-31486

Assigner
cve@mitre.org

Vulnerability Status
Received

Published Version
2023-04-29T00:15:09

Last Modified Date
2023-04-29T00:15:09

References

Reference URL	Reference Tags
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
https://hackeriet.github.io/cpan-http-tiny-overview/
https://www.openwall.com/lists/oss-security/2023/04/18/14
https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-31486
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31486

History

Created	Old Value	New Value	Data Type	Notes
2023-04-29 01:01:11				Added to TrackCVE