vulnerability
Oracle Linux: CVE-2024-45321: ELSA-2024-10218: perl-App-cpanminus security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Aug 27, 2024 | Nov 26, 2024 | Dec 3, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Aug 27, 2024
Added
Nov 26, 2024
Modified
Dec 3, 2025
Description
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.
A flaw was found in App::cpanminus (cpanm) through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if they have the ability to intercept and modify the content before it reaches to user.
A flaw was found in App::cpanminus (cpanm) through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if they have the ability to intercept and modify the content before it reaches to user.
Solutions
oracle-linux-upgrade-perl-app-cpanminusoracle-linux-upgrade-perl-cpan-distnameinfooracle-linux-upgrade-perl-cpan-meta-checkoracle-linux-upgrade-perl-file-pushdoracle-linux-upgrade-perl-module-cpanfileoracle-linux-upgrade-perl-parse-pmfileoracle-linux-upgrade-perl-string-shellquote
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.