Lucene search
K

6 matches found

Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Medium: perl-HTTP-Tiny

Issue Overview: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker w...

6.5CVSS5.5AI score0.00227EPSS
Exploits0
OSV
OSV
added 2026/05/14 8:21 p.m.7 views

CLSA-2026-1778790079 perl: Fix of CVE-2023-31486

CVE-2023-31486: HTTP::Tiny verifies TLS certificates by default...

8.1CVSS6.9AI score0.01742EPSS
Exploits0References1
OSV
OSV
added 2026/01/12 1:16 p.m.7 views

CLSA-2026-1768223815 perl: Fix of CVE-2023-31484

CVE-2023-31484: add verifySSL=1 to HTTP::Tiny to verify https server identity...

8.1CVSS5.8AI score0.01548EPSS
Exploits1References1
Veracode
Veracode
added 2024/01/15 11:23 a.m.28 views

Improper Certificate Validation

CPAN.pm is vulnerable to Improper Certificate Validation. The vulnerability is caused due to not verifying TLS certificates when downloading distributions over HTTPS because verifyssl is missing when using HTTP::Tiny library during the connection. This can allow an attacker to inject into the...

8.1CVSS6.5AI score0.01548EPSS
Exploits1References12Affected Software1
RedHat Linux
RedHat Linux
added 2023/11/07 8:32 a.m.2 views

perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS

A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to verifySSL missing when suing the HTTP::Tiny library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing...

8.1CVSS7.3AI score0.01548EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.6 views

The vulnerability of the Perl programming language library HTTP::Tiny involves authentication process errors, which allow attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Perl programming language library HTTP::Tiny is related to errors in the TLS certificate authentication process. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

8.1CVSS6.9AI score0.01742EPSS
Exploits0References20Affected Software6
Rows per page
Query Builder