Security Advisories (2)
CVE-2020-16156
(2021-12-13)
CPAN 2.28 allows Signature Verification Bypass.
- https://metacpan.org/pod/distribution/CPAN/scripts/cpan
- https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
- http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
CVE-2023-31484
(2023-02-28)
The verify_SSL flag is missing from HTTP::Tiny, and allows a network attacker to MITM the connection if it is used by the CPAN client
NAME
CPAN::Queue - internal queue support for CPAN.pm
LICENSE
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Module Install Instructions
To install CPAN, copy and paste the appropriate command in to your terminal.
cpanm CPANperl -MCPAN -e shell
install CPANFor more information on module installation, please visit the detailed CPAN module installation guide.