CVE-2024-45321

Опубликовано: 27 авг. 2024

Источник: nvd

CVSS3: 8.1

CVSS3: 9.8

EPSS Низкий

Описание

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

Ссылки

https://github.com/miyagawa/cpanminus/issues/611
Issue Tracking
https://github.com/miyagawa/cpanminus/pull/674
Issue Tracking
Patch
https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:app\:\:cpanminus_project:app\:\:cpanminus:*:*:*:*:*:perl:*:*

Версия до 1.7047 (включая)

EPSS

Процентиль: 59%

0.00383

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-494

Связанные уязвимости

CVE-2024-45321

CVSS3: 8.1

ubuntu

больше 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVE-2024-45321

CVSS3: 8.1

redhat

больше 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVE-2024-45321

CVSS3: 8.1

debian

больше 1 года назад

The App::cpanminus package through 1.7047 for Perl downloads code via ...

RLSA-2024:10219

rocky

около 1 года назад

Moderate: perl-App-cpanminus:1.7044 security update

RLSA-2024:10218

rocky

10 месяцев назад

Moderate: perl-App-cpanminus security update

EPSS

Процентиль: 59%

0.00383

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-494