Unrated severity · NVD Advisory · Published Apr 28, 2023 · Updated Jan 30, 2025
CVE-2023-31486
Description
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Affected products (8)
- HTTP::Tiny/HTTP::Tiny (description)
- Range: <0.083
- osv-coords (6 versions):
  - pkg:rpm/almalinux/perl-HTTP-Tiny
  - pkg:rpm/opensuse/perl-HTTP-Tiny&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/perl-HTTP-Tiny&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/perl-HTTP-Tiny&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/perl-HTTP-Tiny&distro=SUSE%20Package%20Hub%2015%20SP4
  - pkg:rpm/suse/perl-HTTP-Tiny&distro=SUSE%20Package%20Hub%2015%20SP5
- (no CPE) range: < 0.076-461.el9
- (no CPE) range: < 0.086-bp154.2.3.1
- (no CPE) range: < 0.086-bp155.3.3.1
- (no CPE) range: < 0.086-1.1
- (no CPE) range: < 0.086-bp154.2.3.1
- (no CPE) range: < 0.086-bp155.3.3.1
References (10)
- www.openwall.com/lists/oss-security/2023/04/29/1 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2023/05/03/3 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2023/05/03/5 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2023/05/07/2 (mitre, mailing-list)
- blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ (mitre)
- github.com/chansen/p5-http-tiny/pull/153 (mitre)
- hackeriet.github.io/cpan-http-tiny-overview/ (mitre)
- www.openwall.com/lists/oss-security/2023/04/18/14 (mitre)
- www.openwall.com/lists/oss-security/2023/05/03/4 (mitre)
- www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/ (mitre)