CVE-2020-16156
CVE-2020-16156 affects CPAN/CPAN.pm (notably CPAN 2.28 and its signature verification handling). The root cause is a bypass where an attacker can prepend or manipulate CHECKSUMS to bypass signature verification, enabling installation of tampered modules. Public documents confirm that the issue is...