0.001 Low
EPSS
Percentile
44.6%
cpanminus, sid is vulnerable to signature verification bypass. The vulnerability exists due to a lack of input sanitization allow attacker to prepend checksums for modified packages to the beginning of CHECKSUMS files,
blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
lists.fedoraproject.org/archives/list/[email protected]/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/
metacpan.org/pod/App::cpanminus
security-tracker.debian.org/tracker/CVE-2020-16154