CVE-2023-31484

Опубликовано: 29 апр. 2023

Источник: debian

Описание

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

Пакет	Статус	Версия исправления	Релиз	Тип
perl	fixed	5.38.0~rc2-1	experimental	package
perl	fixed	5.38.2-2		package
perl	fixed	5.36.0-7+deb12u3	bookworm	package
perl	no-dsa		buster	package

https://github.com/andk/cpanpm/pull/175
https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)

CVE-2023-31484

CVSS3: 8.1

ubuntu

больше 2 лет назад

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

CVE-2023-31484

CVSS3: 7.4

redhat

больше 2 лет назад

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

CVE-2023-31484

CVSS3: 8.1

nvd

больше 2 лет назад

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

CVE-2023-31484

CVSS3: 8.1

msrc

2 месяца назад

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

SUSE-SU-2023:2882-1

suse-cvrf

больше 2 лет назад

Security update for perl