Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2023-31484

Published: October 18, 2023Last modified: October 18, 2023

Description

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

Severity score breakdown

ParameterValue
Base score8.1
Attack VectorNETWORK
Attack complexityHIGH
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSperlFixed (5.36.0-r2)
StreamperlFixed (5.38.0-r0)

References

ON THIS PAGE