CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Loading...
Loading...
Score 8.1 from GitHub Security Advisory (severity: HIGH) published 2023-04-29. NVD baseline CVSS 8.1; sources differ by 0.0.
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
April 29, 2023
November 3, 2025
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| ubuntu | libperl5.22 (5.22.1-9ubuntu0.9+esm2) @ xenial | 2026-05-25 | ubuntu |
| ubuntu | libperl5.36 (5.36.0-7ubuntu0.23.04.1) @ lunar | 2026-05-25 | ubuntu |
| redhat | perl-main-1.03-524.1.hum1 | 2026-04-10 | redhat |
| redhat | perl-4:5.16.3-299.el7_9.1 | 2026-01-05 | redhat |
| redhat | perl-CPAN-0:2.18-399.el8 | 2024-05-22 | redhat |
| redhat | perl-CPAN-0:2.29-3.el9 | 2023-11-07 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
RHSA-2023:6539 — Moderate
RHSA-2024:3094 — Moderate
RHSA-2026:0079 — Moderate
RHSA-2026:7604 — Moderate
Perl vulnerability
Perl vulnerability
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Explore the affected products and dependency analysis for CVE-2023-31484
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.