Download of Code Without Integrity Check Affecting perl-App-cpanminus:1.7044/perl-CPAN-Meta-Check package, versions <0:0.014-6.module_el8.10.0+3924+8d272be4


Severity

Recommended
medium

Based on AlmaLinux security rating.

Threat Intelligence

EPSS
0.06% (30th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ALMALINUX8-PERLAPPCPANMINUS-8454215
  • published4 Dec 2024
  • disclosed25 Nov 2024

Introduced: 25 Nov 2024

NewCVE-2024-45321  (opens in a new tab)
CWE-494  (opens in a new tab)

How to fix?

Upgrade AlmaLinux:8 perl-App-cpanminus:1.7044/perl-CPAN-Meta-Check to version 0:0.014-6.module_el8.10.0+3924+8d272be4 or higher.
This issue was patched in ALSA-2024:10219.

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl-App-cpanminus:1.7044/perl-CPAN-Meta-Check package and not the perl-App-cpanminus:1.7044/perl-CPAN-Meta-Check package as distributed by AlmaLinux. See How to fix? for AlmaLinux:8 relevant fixed versions and status.

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

CVSS Scores

version 3.1