Headline
CVE-2023-31486: security - Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules
HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
- Products
- Openwall GNU/*/Linux server OS
- Linux Kernel Runtime Guard
- John the Ripper password cracker
- Free & Open Source for any platform
- in the cloud
- Pro for Linux
- Pro for macOS
- Wordlists for password cracking
- passwdqc policy enforcement
- Free & Open Source for Unix
- Pro for Windows (Active Directory)
- yescrypt KDF & password hashing
- yespower Proof-of-Work (PoW)
- crypt_blowfish password hashing
- phpass ditto in PHP
- tcb better password shadowing
- Pluggable Authentication Modules
- scanlogd port scan detector
- popa3d tiny POP3 daemon
- blists web interface to mailing lists
- msulogin single user mode login
- php_mt_seed mt_rand() cracker
- Services
- Publications
- Articles
- Presentations
- Resources
- Mailing lists
- Community wiki
- Source code repositories (GitHub)
- Source code repositories (CVSweb)
- File archive & mirrors
- How to verify digital signatures
- OVE IDs
- What’s new
Related news
Gentoo Linux Security Advisory 202411-09
Gentoo Linux Security Advisory 202411-9 - Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 5.38.2 are affected.
Red Hat Security Advisory 2024-4430-03
Red Hat Security Advisory 2024-4430-03 - An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2023-7174-01
Red Hat Security Advisory 2023-7174-01 - An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 8.