CVE-2023-31484
8.1HIGHCPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
게시됨: 4/29/2023업데이트됨: 11/3/2025
설명
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
AI 분석AI 기반
영향받는 제품
cpanpm_projectcpanpm
perlperl
참조
- http://www.openwall.com/lists/oss-security/2023/04/29/1Mailing ListPatch
- http://www.openwall.com/lists/oss-security/2023/05/03/3Mailing ListPatch
- http://www.openwall.com/lists/oss-security/2023/05/03/5Mailing List
- http://www.openwall.com/lists/oss-security/2023/05/07/2Mailing List
- https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/MitigationPatchThird Party Advisory
- https://github.com/andk/cpanpm/pull/175ExploitIssue Tracking
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
- https://metacpan.org/dist/CPAN/changesRelease Notes
- https://security.netapp.com/advisory/ntap-20240621-0007/
- https://www.openwall.com/lists/oss-security/2023/04/18/14Mailing ListPatch
- http://www.openwall.com/lists/oss-security/2023/04/29/1Mailing ListPatch
- http://www.openwall.com/lists/oss-security/2023/05/03/3Mailing ListPatch
- http://www.openwall.com/lists/oss-security/2023/05/03/5Mailing List
- http://www.openwall.com/lists/oss-security/2023/05/07/2Mailing List
- https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/MitigationPatchThird Party Advisory
- https://github.com/andk/cpanpm/pull/175ExploitIssue Tracking
- https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/