Improper Certificate Validation

CPAN.pm is vulnerable to Improper Certificate Validation. The vulnerability is caused due to not verifying TLS certificates when downloading distributions over HTTPS because verifyssl is missing when using HTTP::Tiny library during the connection. This can allow an attacker to inject into the...

perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS

A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to verifySSL missing when suing the HTTP::Tiny library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing...

The vulnerability of the Perl programming language library HTTP::Tiny involves authentication process errors, which allow attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Perl programming language library HTTP::Tiny is related to errors in the TLS certificate authentication process. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...