CVE-2024-45321: Download of Code Without Integrity Check in Cpanminus

Severity
8.1 HIGH (NVD)
EPSS
0.5%
top 33.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 27

Description

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages: 1 package

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-9mmm-86g7-vp9g: The App::cpanminus package through 1 | 2024-08-27
OSV
CVE-2024-45321: The App::cpanminus package through 1 | 2024-08-27

📋 Vendor Advisories

2
Red Hat
perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability | 2024-08-27
Debian
CVE-2024-45321: cpanminus - The App::cpanminus package through 1.7047 for Perl downloads code via insecure H... | 2024