VDB

GCVE-VVD-MAGEIA-2025-276

GCVE-VVD-MAGEIA-2025-276
Advisory Published
Vulnetix · Advisory published November 12, 2025
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31486)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaperl-CPAN0 (affected), 2.340.0-1.1.mga9 (unaffected)
Mageiaperl-HTTP-Tiny0 (affected), 0.82.0-1.1.mga9 (unaffected)

References

Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities
advisory
Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities
issue
Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›