CVE-2023-31484

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-31484

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31484.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-31484

Related

Published

2023-04-29T00:15:09Z

Modified

2024-09-11T04:58:23.831359Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

References

Affected packages

Debian:11 / perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.32.1-4

5.32.1-4+deb11u1

5.32.1-4+deb11u2

5.32.1-4+deb11u3

5.32.1-5

5.32.1-6

5.34.0~rc2-1

5.34.0-1

5.34.0-2

5.34.0-3

5.34.0-4

5.34.0-5

5.36.0-1

5.36.0-2

5.36.0-3

5.36.0-4

5.36.0-5

5.36.0-6

5.36.0-7

5.36.0-8

5.36.0-9

5.36.0-10

5.38.0~rc2-1

5.38.0-1

5.38.0-2

5.38.2-1

5.38.2-2

5.38.2-3

5.38.2-3.1

5.38.2-3.2

5.38.2-3.2+hurd.1

5.38.2-4

5.38.2-5

5.40.0~rc1-1

5.40.0-1

5.40.0-2

5.40.0-3

5.40.0-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.36.0-7

5.36.0-7+deb12u1

5.36.0-8

5.36.0-9

5.36.0-10

5.38.0~rc2-1

5.38.0-1

5.38.0-2

5.38.2-1

5.38.2-2

5.38.2-3

5.38.2-3.1

5.38.2-3.2

5.38.2-3.2+hurd.1

5.38.2-4

5.38.2-5

5.40.0~rc1-1

5.40.0-1

5.40.0-2

5.40.0-3

5.40.0-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.38.2-2

Affected versions

5.*

5.36.0-7

5.36.0-8

5.36.0-9

5.36.0-10

5.38.0~rc2-1

5.38.0-1

5.38.0-2

5.38.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/andk/cpanpm

Affected ranges

Type: GIT
Repo: https://github.com/andk/cpanpm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b69df18c4e8d7a6764aac7ba86461f6754fc25e7

Affected versions

1.*

1.93_51

1.93_52

1.93_53

1.93_54

1.94

1.94_52

1.94_53

1.94_54

1.94_55

1.94_56

1.94_57

1.94_58

1.94_59

1.94_60

1.94_61

1.94_62

1.94_63

1.94_64

1.94_65

1.9600

1.97_51

1.9800

2.*

2.00

2.00-TRIAL

2.01-TRIAL

2.02-TRIAL

2.03-TRIAL

2.04-TRIAL

2.05

2.05-TRIAL

2.05-TRIAL2

2.06-TRIAL

2.07-TRIAL

2.08-TRIAL

2.09-TRIAL

2.10

2.10-TRIAL

2.12-TRIAL

2.13-TRIAL

2.14

2.14-TRIAL

2.15-TRIAL

2.16

2.16-TRIAL

2.16-TRIAL2

2.17-TRIAL

2.17-TRIAL2

2.18-TRIAL

2.20-TRIAL

2.21-TRIAL

2.22

2.22-TRIAL

2.23-TRIAL

2.24-TRIAL

2.25

2.25-TRIAL

2.26

2.27

2.27-TRIAL

2.27-TRIAL2

2.28

2.28-TRIAL

2.29

2.30-TRIAL

2.31-TRIAL

2.32-TRIAL

2.33

2.33-TRIAL

2.34

2.34-TRIAL