PT-2024-31572 · Unknown+6 · App::Cpanminus+6

Stig Palmquist

Published

2024-08-26

Updated

2025-07-09

CVE-2024-45321

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions App::cpanminus versions 1.7047 and earlier

Description The App::cpanminus package for Perl downloads code via insecure HTTP, enabling code execution for network attackers. This issue allows attackers to intercept traffic.

Recommendations For App::cpanminus versions 1.7047 and earlier, consider disabling the use of insecure HTTP downloads until a patch is available. As a temporary workaround, restrict access to the module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-494

Related Identifiers

ALSA-2024:10218

ALSA-2024:10219

ALT-PU-2024-13289

CESA-2024_10219

CVE-2024-45321

INFSA-2024_10218

INFSA-2024_10219

MGASA-2024-0339

OPENSUSE-SU-2024:14291-1

RHSA-2024:10218

RHSA-2024_10218

RHSA-2024_10219

RLSA-2024:10218

RLSA-2024:10219

Affected Products

Alt Linux

Almalinux

App::Cpanminus

Centos

Debian

Red Hat

Rocky Linux

PT-2024-31572 · Unknown+6 · App::Cpanminus+6

CVE-2024-45321

Weakness Enumeration

Related Identifiers

Affected Products

References · 47