CVE-2024-45321 – perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2024-45321

27 Aug 2024 — The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. A flaw was found in App::cpanminus (cpanm) through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if they have the ability to intercept and modify the content before it reaches to user... • https://github.com/miyagawa/cpanminus/issues/611 • CWE-494: Download of Code Without Integrity Check •