CVE-2023-31484
Summary
| CVE | CVE-2023-31484 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-29 00:15:00 UTC |
| Updated | 2023-11-07 04:14:00 UTC |
| Description | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MISC | www.openwall.com | |
| oss-security - Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MLIST | www.openwall.com | |
| oss-security - Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MLIST | www.openwall.com | |
| Changes - metacpan.org | MISC | metacpan.org | |
| [SECURITY] Fedora 37 Update: perl-CPAN-2.36-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Add verify_SSL=>1 to HTTP::Tiny in CPAN::HTTP::Client to verify https server identity by stigtsp · Pull Request #175 · andk/cpanpm · GitHub | MISC | github.com | |
| [SECURITY] Fedora 37 Update: perl-CPAN-2.36-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: perl-CPAN-2.36-1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Perl's HTTP::Tiny has insecure TLS default, affecting CPAN.pm and other modules – Hackeriet Blog | MISC | blog.hackeriet.no | |
| oss-security - Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MLIST | www.openwall.com | |
| oss-security - Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MLIST | www.openwall.com | |
| [SECURITY] Fedora 38 Update: perl-CPAN-2.36-1.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161126 Oracle Enterprise Linux Security Update for perl-cpan (ELSA-2023-6539)
- 199391 Ubuntu Security Notification for Perl Vulnerability (USN-6112-2)
- 199482 Ubuntu Security Notification for Perl Vulnerability (USN-6112-1)
- 242292 Red Hat Update for perl-cpan (RHSA-2023:6539)
- 284306 Fedora Security Update for perl (FEDORA-2023-46924e402a)
- 284307 Fedora Security Update for perl (FEDORA-2023-1e5af38524)
- 330151 IBM AIX Vulnerability in perl (perl_advisory7)
- 355086 Amazon Linux Security Advisory for perl : ALAS2-2023-2034
- 355279 Amazon Linux Security Advisory for perl : ALAS2023-2023-178
- 355344 Amazon Linux Security Advisory for perl : ALAS-2023-1751
- 355401 Amazon Linux Security Advisory for perl-CPAN : ALAS2023-2023-182
- 673218 EulerOS Security Update for perl (EulerOS-SA-2023-2390)
- 673253 EulerOS Security Update for perl (EulerOS-SA-2023-2364)
- 673418 EulerOS Security Update for perl (EulerOS-SA-2023-2661)
- 673436 EulerOS Security Update for perl-cpan (EulerOS-SA-2023-3143)
- 673493 EulerOS Security Update for perl (EulerOS-SA-2023-2703)
- 673652 EulerOS Security Update for perl (EulerOS-SA-2023-3142)
- 673931 EulerOS Security Update for perl (EulerOS-SA-2023-2904)
- 674030 EulerOS Security Update for perl (EulerOS-SA-2023-2885)
- 755881 SUSE Enterprise Linux Security Update for perl (SUSE-SU-2023:2882-1)
- 908066 Common Base Linux Mariner (CBL-Mariner) Security Update for perl (37126)
- 941351 AlmaLinux Security Update for perl-CPAN (ALSA-2023:6539)