Bug ID	1229819
Summary	VUL-0: CVE-2024-45321: perl-App-cpanminus: code download via insecure HTTP protocol
Classification	openSUSE
Product	openSUSE Distribution
Version	Leap 15.6
Hardware	Other
URL	https://smash.suse.de/issue/419013/
OS	Other
Status	NEW
Severity	Normal
Priority	P5 - None
Component	Security
Assignee	tina.mueller@suse.com
Reporter	smash_bz@suse.de
QA Contact	security-team@suse.de
CC	camila.matos@suse.com
Target Milestone	---
Found By	Security Response Team
Blocker	---

The App::cpanminus package through 1.7047 for Perl downloads code via insecure
HTTP, enabling code execution for network attackers.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-45321
https://www.cve.org/CVERecord?id=CVE-2024-45321
https://github.com/miyagawa/cpanminus/issues/611
https://github.com/miyagawa/cpanminus/pull/674
https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html

You are receiving this mail because:

You are on the CC list for the bug.