CVE-2024-45321

Опубликовано: 27 авг. 2024

Источник: debian

Описание

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

Пакет	Статус	Релиз	Тип
cpanminus	unfixed		package
cpanminus	postponed	trixie	package
cpanminus	postponed	bookworm	package
cpanminus	postponed	bullseye	package

https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html
https://github.com/miyagawa/cpanminus/issues/611
https://github.com/miyagawa/cpanminus/pull/674

CVE-2024-45321

CVSS3: 8.1

ubuntu

около 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVE-2024-45321

CVSS3: 8.1

redhat

около 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVE-2024-45321

CVSS3: 8.1

nvd

около 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

RLSA-2024:10218

rocky

8 месяцев назад

Moderate: perl-App-cpanminus security update

GHSA-9mmm-86g7-vp9g

CVSS3: 9.8

github

около 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.