Cpanpm
1 CVEs
product
Monthly
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Information Disclosure
Cpanpm
Perl
NVD
GitHub
CVSS 3.1
8.1
EPSS
1.5%
EPSS 2%
CVSS 8.1
HIGH
POC
PATCH
This Week
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Information Disclosure
Cpanpm
Perl
NVD
GitHub