CVE-2023-31484

Опубликовано: 29 апр. 2023

Источник: debian

EPSS Низкий

Описание

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

Пакет	Статус	Версия исправления	Релиз	Тип
perl	fixed	5.38.0~rc2-1	experimental	package
perl	fixed	5.38.2-2		package
perl	no-dsa		bookworm	package
perl	no-dsa		buster	package

https://github.com/andk/cpanpm/pull/175
https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)

EPSS

Процентиль: 79%

0.01385

Низкий

CVE-2023-31484

CVSS3: 8.1

ubuntu

около 2 лет назад

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

CVE-2023-31484

CVSS3: 7.4

redhat

около 2 лет назад

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

CVE-2023-31484

CVSS3: 8.1

nvd

около 2 лет назад

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

SUSE-SU-2023:2882-1

suse-cvrf

почти 2 года назад

Security update for perl

SUSE-SU-2023:2881-1

suse-cvrf

почти 2 года назад

Security update for perl

EPSS

Процентиль: 79%

0.01385

Низкий