ALT-PU-2022-1154-1
Package perl-App-cpanminus updated to version 1.7045-alt1 for branch sisyphus in task 294190.
Closed vulnerabilities
Published: 2021-12-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-16154
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
Severity: MEDIUM (6.8)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/
- https://metacpan.org/pod/App::cpanminus
- https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/
- https://metacpan.org/pod/App::cpanminus