6 matches found
Medium: perl-HTTP-Tiny
Issue Overview: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker w...
CLSA-2026-1778790079 perl: Fix of CVE-2023-31486
CVE-2023-31486: HTTP::Tiny verifies TLS certificates by default...
CLSA-2026-1768223815 perl: Fix of CVE-2023-31484
CVE-2023-31484: add verifySSL=1 to HTTP::Tiny to verify https server identity...
Improper Certificate Validation
CPAN.pm is vulnerable to Improper Certificate Validation. The vulnerability is caused due to not verifying TLS certificates when downloading distributions over HTTPS because verifyssl is missing when using HTTP::Tiny library during the connection. This can allow an attacker to inject into the...
perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to verifySSL missing when suing the HTTP::Tiny library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing...
The vulnerability of the Perl programming language library HTTP::Tiny involves authentication process errors, which allow attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Perl programming language library HTTP::Tiny is related to errors in the TLS certificate authentication process. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...