CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
74.0%
Issue Overview:
HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31484)
Affected Packages:
perl
Issue Correction:
Run yum update perl to update your system.
New Packages:
i686:
perl-libs-5.16.3-294.44.amzn1.i686
perl-devel-5.16.3-294.44.amzn1.i686
perl-debuginfo-5.16.3-294.44.amzn1.i686
perl-macros-5.16.3-294.44.amzn1.i686
perl-tests-5.16.3-294.44.amzn1.i686
perl-5.16.3-294.44.amzn1.i686
perl-Time-Piece-1.20.1-294.44.amzn1.i686
perl-core-5.16.3-294.44.amzn1.i686
noarch:
perl-ExtUtils-CBuilder-0.28.2.6-294.44.amzn1.noarch
perl-Module-Loaded-0.08-294.44.amzn1.noarch
perl-Pod-Escapes-1.04-294.44.amzn1.noarch
perl-CPAN-1.9800-294.44.amzn1.noarch
perl-IO-Zlib-1.10-294.44.amzn1.noarch
perl-Locale-Maketext-Simple-0.21-294.44.amzn1.noarch
perl-ExtUtils-Install-1.58-294.44.amzn1.noarch
perl-ExtUtils-Embed-1.30-294.44.amzn1.noarch
perl-Package-Constants-0.02-294.44.amzn1.noarch
perl-Object-Accessor-0.42-294.44.amzn1.noarch
perl-Module-CoreList-2.76.02-294.44.amzn1.noarch
src:
perl-5.16.3-294.44.amzn1.src
x86_64:
perl-debuginfo-5.16.3-294.44.amzn1.x86_64
perl-5.16.3-294.44.amzn1.x86_64
perl-macros-5.16.3-294.44.amzn1.x86_64
perl-libs-5.16.3-294.44.amzn1.x86_64
perl-tests-5.16.3-294.44.amzn1.x86_64
perl-Time-Piece-1.20.1-294.44.amzn1.x86_64
perl-devel-5.16.3-294.44.amzn1.x86_64
perl-core-5.16.3-294.44.amzn1.x86_64
Red Hat: CVE-2023-31484
Mitre: CVE-2023-31484
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | perl-libs | < 5.16.3-294.44.amzn1 | perl-libs-5.16.3-294.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | perl-devel | < 5.16.3-294.44.amzn1 | perl-devel-5.16.3-294.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | perl-debuginfo | < 5.16.3-294.44.amzn1 | perl-debuginfo-5.16.3-294.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | perl-macros | < 5.16.3-294.44.amzn1 | perl-macros-5.16.3-294.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | perl-tests | < 5.16.3-294.44.amzn1 | perl-tests-5.16.3-294.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | perl | < 5.16.3-294.44.amzn1 | perl-5.16.3-294.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | perl-time-piece | < 1.20.1-294.44.amzn1 | perl-Time-Piece-1.20.1-294.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | perl-core | < 5.16.3-294.44.amzn1 | perl-core-5.16.3-294.44.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | perl-extutils-cbuilder | < 0.28.2.6-294.44.amzn1 | perl-ExtUtils-CBuilder-0.28.2.6-294.44.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | perl-module-loaded | < 0.08-294.44.amzn1 | perl-Module-Loaded-0.08-294.44.amzn1.noarch.rpm |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
74.0%