vulnerability
Oracle Linux: CVE-2024-45321: ELSA-2024-10218: perl-App-cpanminus security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Aug 27, 2024 | Nov 26, 2024 | Dec 3, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Aug 27, 2024
Added
Nov 26, 2024
Modified
Dec 3, 2025
Description
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.
A flaw was found in App::cpanminus (cpanm) through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if they have the ability to intercept and modify the content before it reaches to user.
A flaw was found in App::cpanminus (cpanm) through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if they have the ability to intercept and modify the content before it reaches to user.
Solutions
oracle-linux-upgrade-perl-app-cpanminusoracle-linux-upgrade-perl-cpan-distnameinfooracle-linux-upgrade-perl-cpan-meta-checkoracle-linux-upgrade-perl-file-pushdoracle-linux-upgrade-perl-module-cpanfileoracle-linux-upgrade-perl-parse-pmfileoracle-linux-upgrade-perl-string-shellquote
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.