CVE-2023-31486

Опубликовано: 29 апр. 2023

Источник: debian

Описание

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libhttp-tiny-perl	fixed	0.088-1		package
perl	fixed	5.38.0~rc2-1	experimental	package
perl	fixed	5.38.2-2		package

Примечания

https://www.openwall.com/lists/oss-security/2023/04/18/14
https://github.com/chansen/p5-http-tiny/issues/134
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
https://hackeriet.github.io/cpan-http-tiny-overview/
Applications need to explicitly opt in to enable verification.

Связанные уязвимости

CVE-2023-31486

CVSS3: 8.1

ubuntu

больше 2 лет назад

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

CVE-2023-31486

CVSS3: 8.1

redhat

больше 2 лет назад

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

CVE-2023-31486

CVSS3: 8.1

nvd

больше 2 лет назад

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

CVE-2023-31486

CVSS3: 8.1

msrc

около 2 лет назад

Описание отсутствует

openSUSE-SU-2023:0223-1

suse-cvrf

около 2 лет назад

Security update for perl-HTTP-Tiny