libcpan-checksums-perl is vulnerable to authorization bypass. Checksums generates CHECKSUMS files recursively for each directory under the author/directory structure, and the file path does not contain an author handle. An attacker with PAUSE access can trick PAUSE into generating a valid CHECKSUMS file for another author's package, allowing a malicious mirror or network attacker to serve a modified package.
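The missing binding between signed data and directory can be shown with a small model. This is an added example, not code from CPAN::Checksums or PAUSE: an HMAC stands in for the PGP signature on CHECKSUMS, and the `dir_path` field, the author handles and the key are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the index signing key (real CHECKSUMS files are PGP-signed).
SIGNING_KEY = b"constructed-demo-key"


def sign_manifest(files, bound_path=None):
    """Signed manifest for one directory; bound_path goes into the signed body
    under the hypothetical field name "dir_path"."""
    body = {"files": {n: hashlib.sha256(c).hexdigest() for n, c in files.items()}}
    if bound_path is not None:
        body["dir_path"] = bound_path
    blob = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, blob, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_download(manifest, served_from, filename, content, require_path=True):
    """Client-side check of a file fetched from directory `served_from`."""
    blob = json.dumps(manifest["body"], sort_keys=True).encode()
    expected = hmac.new(SIGNING_KEY, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["sig"]):
        return "reject: bad signature"
    if require_path and manifest["body"].get("dir_path") != served_from:
        return "reject: manifest not bound to this directory"
    digest = hashlib.sha256(content).hexdigest()
    if manifest["body"]["files"].get(filename) != digest:
        return "reject: checksum mismatch"
    return "accept"


# Constructed scenario: a manifest generated for one author's directory is
# later served by a mirror from a different author's directory.
ALICE_DIR = "authors/id/A/AL/ALICE"
BOB_DIR = "authors/id/B/BO/BOB"
tarball = {"Foo-1.0.tar.gz": b"contents uploaded under BOB"}

unbound = sign_manifest(tarball)                    # path not part of signed data
bound = sign_manifest(tarball, bound_path=BOB_DIR)  # path inside signed data

if __name__ == "__main__":
    for label, m in (("unbound", unbound), ("bound", bound)):
        for d in (BOB_DIR, ALICE_DIR):
            print(label, d, verify_download(
                m, d, "Foo-1.0.tar.gz", tarball["Foo-1.0.tar.gz"],
                require_path=(label == "bound")))
```

With the path outside the signed data, the signature and checksum still verify in the wrong directory; once the path is signed and compared, the same manifest is rejected there.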
CPE | Name | Operator | Version |
---|---|---|---|
libcpan-checksums-perl:sid | eq | 2.12-1 | |