CVE-2020-16154

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.

Ссылки

https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/
https://metacpan.org/pod/App::cpanminus
Product
Third Party Advisory
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/
https://metacpan.org/pod/App::cpanminus
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:app\:\:cpanminus_project:app\:\:cpanminus:1.7044:*:*:*:*:perl:*:*

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00026

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-347

Связанные уязвимости

CVE-2020-16154

CVSS3: 7.8

ubuntu

около 4 лет назад

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.

CVE-2020-16154

CVSS3: 7.8

redhat

около 4 лет назад

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.

CVE-2020-16154

CVSS3: 7.8

debian

около 4 лет назад

The App::cpanminus package 1.7044 for Perl allows Signature Verificati ...

openSUSE-SU-2022:0074-1

suse-cvrf

почти 4 года назад

Security update for perl-App-cpanminus

GHSA-m92x-373g-xc36

github

почти 4 года назад

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.

EPSS

Процентиль: 7%

0.00026

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-347