CVE-2024-45321

Опубликовано: 27 авг. 2024

Источник: debian

EPSS Низкий

Описание

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

Пакет	Статус	Релиз	Тип
cpanminus	unfixed		package
cpanminus	postponed	trixie	package
cpanminus	postponed	bookworm	package
cpanminus	postponed	bullseye	package

https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html
https://github.com/miyagawa/cpanminus/issues/611
https://github.com/miyagawa/cpanminus/pull/674

EPSS

Процентиль: 28%

0.00099

Низкий

CVE-2024-45321

CVSS3: 8.1

ubuntu

12 месяцев назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVE-2024-45321

CVSS3: 8.1

redhat

12 месяцев назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVE-2024-45321

CVSS3: 8.1

nvd

12 месяцев назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

GHSA-9mmm-86g7-vp9g

CVSS3: 9.8

github

12 месяцев назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

ELSA-2024-10219

oracle-oval

9 месяцев назад

ELSA-2024-10219: perl-App-cpanminus:1.7044 security update (MODERATE)

EPSS

Процентиль: 28%

0.00099

Низкий