CVE-2024-45321

Опубликовано: 27 авг. 2024

Источник: debian

EPSS Низкий

Описание

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

Пакет	Статус	Релиз	Тип
cpanminus	unfixed		package
cpanminus	postponed	trixie	package
cpanminus	postponed	bookworm	package
cpanminus	postponed	bullseye	package

https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html
https://github.com/miyagawa/cpanminus/issues/611
https://github.com/miyagawa/cpanminus/pull/674

EPSS

Процентиль: 59%

0.00383

Низкий

CVE-2024-45321

CVSS3: 8.1

ubuntu

больше 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVE-2024-45321

CVSS3: 8.1

redhat

больше 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVE-2024-45321

CVSS3: 8.1

nvd

больше 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

RLSA-2024:10219

rocky

около 1 года назад

Moderate: perl-App-cpanminus:1.7044 security update

RLSA-2024:10218

rocky

10 месяцев назад

Moderate: perl-App-cpanminus security update

EPSS

Процентиль: 59%

0.00383

Низкий