CVE-2023-31486

Summary

CVE: CVE-2023-31486
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2023-04-29 00:15:00 UTC
Updated: 2023-06-21 18:19:00 UTC
Description: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

Risk And Classification

Problem Types: CWE-295

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Http tiny_project | http\ \ tiny
Application | Http tiny_project | http\ \ tiny
Application | Perl | Perl | All | All | All | All

References

Reference | Source | Link | Tags
oss-security - Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MISC | www.openwall.com
oss-security - Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MLIST | www.openwall.com
oss-security - Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MLIST | www.openwall.com
Perl's HTTP::Tiny has insecure TLS default, affecting CPAN.pm and other modules – Hackeriet Blog | MISC | blog.hackeriet.no
HTTP::Tiny, verify_SSL=>0 default, and CPAN distributions | MISC | hackeriet.github.io
oss-security - Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MLIST | www.openwall.com
oss-security - Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MISC | www.openwall.com
Change verify_SSL default to 1, add ENV var to force insecure https [CVE-2023-31486] by stigtsp · Pull Request #153 · chansen/p5-http-tiny · GitHub | MISC | github.com
Reddit - Dive into anything | MISC | www.reddit.com
oss-security - Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules | MLIST | www.openwall.com
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 161129 Oracle Enterprise Linux Security Update for perl-http-tiny (ELSA-2023-6542)
  • 161151 Oracle Enterprise Linux Security Update for perl-http-tiny (ELSA-2023-7174)
  • 242314 Red Hat Update for perl-http-tiny (RHSA-2023:6542)
  • 242427 Red Hat Update for perl-http-tiny (RHSA-2023:7174)
  • 242780 Red Hat Update for perl-http-tiny (RHSA-2024:0579)
  • 242853 Red Hat Update for perl-http-tiny (RHSA-2024:0422)
  • 330151 IBM AIX Vulnerability in perl (perl_advisory7)
  • 355457 Amazon Linux Security Advisory for perl : ALAS2023-2023-218
  • 355462 Amazon Linux Security Advisory for perl-Pod-Perldoc : ALAS2023-2023-217
  • 355469 Amazon Linux Security Advisory for perl-HTTP-Tiny : ALAS2023-2023-216
  • 355547 Amazon Linux Security Advisory for perl-Pod-Perldoc : ALAS2-2023-2094
  • 355548 Amazon Linux Security Advisory for perl-HTTP-Tiny : ALAS2-2023-2093
  • 355559 Amazon Linux Security Advisory for perl-HTTP-Tiny : ALAS-2023-1771
  • 379249 Alibaba Cloud Linux Security Update for perl-http-tiny (ALINUX3-SA-2024:0002)
  • 673264 EulerOS Security Update for perl-http-tiny (EulerOS-SA-2023-2625)
  • 673274 EulerOS Security Update for perl (EulerOS-SA-2023-2594)
  • 673304 EulerOS Security Update for perl-http-tiny (EulerOS-SA-2023-2595)
  • 673311 EulerOS Security Update for perl (EulerOS-SA-2023-2624)
  • 673324 EulerOS Security Update for perl (EulerOS-SA-2023-2819)
  • 673395 EulerOS Security Update for perl-http-tiny (EulerOS-SA-2023-2850)
  • 673473 EulerOS Security Update for perl (EulerOS-SA-2023-2795)
  • 673585 EulerOS Security Update for perl-http-tiny (EulerOS-SA-2023-2796)
  • 673652 EulerOS Security Update for perl (EulerOS-SA-2023-3142)
  • 673685 EulerOS Security Update for perl (EulerOS-SA-2023-2849)
  • 673781 EulerOS Security Update for perl-http-tiny (EulerOS-SA-2023-2867)
  • 673817 EulerOS Security Update for perl-http-tiny (EulerOS-SA-2023-2820)
  • 673953 EulerOS Security Update for perl (EulerOS-SA-2023-2866)
  • 674116 EulerOS Security Update for perl-http-tiny (EulerOS-SA-2023-3144)
  • 907062 Common Base Linux Mariner (CBL-Mariner) Security Update for perl (27194-1)
  • 908060 Common Base Linux Mariner (CBL-Mariner) Security Update for perl (37127)
  • 941359 AlmaLinux Security Update for perl-HTTP-Tiny (ALSA-2023:6542)
  • 941457 AlmaLinux Security Update for perl-HTTP-Tiny (ALSA-2023:7174)