CPAN 2.28 allows Signature Verification Bypass.
References
Configurations
History
01 Apr 2022, 13:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/ - Third Party Advisory |
12 Jan 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Dec 2021, 15:39
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/ - Exploit, Third Party Advisory | |
References | (MISC) http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html - Exploit, Third Party Advisory | |
References | (MISC) https://metacpan.org/pod/distribution/CPAN/scripts/cpan - Product, Third Party Advisory | |
CWE | CWE-347 | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
CPE | cpe:2.3:a:perl:comprehensive_perl_archive_network:2.28:-:*:*:*:perl:*:* cpe:2.3:a:perl:comprehensive_perl_archive_network:2.28:trial:*:*:*:perl:*:* |
14 Dec 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Dec 2021, 18:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-13 18:15
Updated : 2024-02-04 22:08
NVD link : CVE-2020-16156
Mitre link : CVE-2020-16156
CVE.ORG link : CVE-2020-16156
JSON object : View
Products Affected
perl
- comprehensive_perl_archive_network
fedoraproject
- fedora
CWE
CWE-347
Improper Verification of Cryptographic Signature