rpm package
almalinux/perl-CPAN
pkg:rpm/almalinux/perl-CPAN
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40909 | Med | 5.9 | | < 2.28-5.module_el8.6.0+2766+8bf0b7ce | 2.28-5.module_el8.6.0+2766+8bf0b7ce | May 30, 2025 | Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is |
| CVE-2023-47038 | — | | | < 2.28-5.module_el8.6.0+2766+8bf0b7ce | 2.28-5.module_el8.6.0+2766+8bf0b7ce | Dec 18, 2023 | A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. |
| CVE-2023-31484 | — | | | < 2.29-3.el9 | 2.29-3.el9 | Apr 28, 2023 | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. |
| CVE-2020-16156 | — | | | < 2.18-402.el8_10 | 2.18-402.el8_10 | Dec 13, 2021 | CPAN 2.28 allows Signature Verification Bypass. |