HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/04/29/1 | Mailing List Patch |
http://www.openwall.com/lists/oss-security/2023/05/03/3 | Mailing List Patch |
http://www.openwall.com/lists/oss-security/2023/05/03/5 | Mailing List |
http://www.openwall.com/lists/oss-security/2023/05/07/2 | Mailing List Third Party Advisory |
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ | Mitigation Patch Third Party Advisory |
https://github.com/chansen/p5-http-tiny/pull/153 | Patch |
https://hackeriet.github.io/cpan-http-tiny-overview/ | Product |
https://www.openwall.com/lists/oss-security/2023/04/18/14 | Mailing List Patch |
https://www.openwall.com/lists/oss-security/2023/05/03/4 | Mailing List Third Party Advisory |
https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/ | Issue Tracking |
Configurations
History
21 Jun 2023, 18:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:http\:\:tiny_project:http\:\:tiny:*:*:*:*:*:*:*:* cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* |
|
References | (MISC) https://github.com/chansen/p5-http-tiny/pull/153 - Patch | |
First Time |
Perl perl
Perl |
20 Jun 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. |
Information
Published : 2023-04-29 00:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-31486
Mitre link : CVE-2023-31486
CVE.ORG link : CVE-2023-31486
JSON object : View
Products Affected
http\
- \
perl
- perl
CWE
CWE-295
Improper Certificate Validation