CVE-2023-31484

Published: Apr 29, 2023Modified: Nov 3, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

Affected (2)

Products: Cpanpm Project: Cpanpm · Perl: Perl

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cpanpm Project Cpanpm	Before 2.35

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Perl Perl	Before 5.38.0

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (23)

http://www.openwall.com/lists/oss-security/2023/04/29/1

Source: cve@mitre.org

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2023/05/03/3

Source: cve@mitre.org

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2023/05/03/5

Source: cve@mitre.org

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/07/2

Source: cve@mitre.org

Mailing List

https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/

Source: cve@mitre.org

MitigationPatchThird Party Advisory

https://github.com/andk/cpanpm/pull/175

Source: cve@mitre.org

ExploitIssue Tracking

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/

Source: cve@mitre.org

https://metacpan.org/dist/CPAN/changes

Source: cve@mitre.org

Release Notes

https://security.netapp.com/advisory/ntap-20240621-0007/

Source: cve@mitre.org

https://www.openwall.com/lists/oss-security/2023/04/18/14

Source: cve@mitre.org

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2023/04/29/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2023/05/03/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2023/05/03/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.openwall.com/lists/oss-security/2023/05/07/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchThird Party Advisory

https://github.com/andk/cpanpm/pull/175

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/

Source: af854a3a-2127-422b-91ae-364da2661108

https://metacpan.org/dist/CPAN/changes

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://security.netapp.com/advisory/ntap-20240621-0007/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.openwall.com/lists/oss-security/2023/04/18/14

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

Timeline

No history available yet.