The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.
History

Tue, 26 Nov 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Fri, 06 Sep 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared App\
App\ \
CPEs cpe:2.3:a:app\:\:cpanminus_project:app\:\:cpanminus:*:*:*:*:*:perl:*:*
Vendors & Products App\
App\ \

Fri, 06 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94

Fri, 06 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-494

Thu, 29 Aug 2024 18:45:00 +0000

Type Values Removed Values Added
Metrics threat_severity

Critical

threat_severity

Moderate


Thu, 29 Aug 2024 09:30:00 +0000

Type Values Removed Values Added
Title perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability
References
Metrics threat_severity

None

threat_severity

Critical


Tue, 27 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Perl
Perl cpanminus
Weaknesses CWE-94
CPEs cpe:2.3:a:perl:cpanminus:*:*:*:*:*:*:*:*
Vendors & Products Perl
Perl cpanminus
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 27 Aug 2024 04:15:00 +0000

Type Values Removed Values Added
Description The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-27T00:00:00

Updated: 2024-09-06T13:33:38.493Z

Reserved: 2024-08-27T00:00:00

Link: CVE-2024-45321

cve-icon Vulnrichment

Updated: 2024-08-27T13:23:33.278Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-27T04:15:09.010

Modified: 2024-12-05T18:47:30.633

Link: CVE-2024-45321

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-08-27T04:15:09Z

Links: CVE-2024-45321 - Bugzilla