CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45321 – perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-45321
27 Aug 2024 — The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. A flaw was found in App::cpanminus (cpanm) through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if they have the ability to intercept and modify the content before it reaches to user... • https://github.com/miyagawa/cpanminus/issues/611 • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-16154
https://notcve.org/view.php?id=CVE-2020-16154
13 Dec 2021 — The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. El paquete App::cpanminus versión 1.7044 para Perl, permite una Omisión de Verificación de Firmas • https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •