{"id":"CVE-2024-45321","details":"The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.","modified":"2026-04-16T04:32:57.169702973Z","published":"2024-08-27T04:15:09.010Z","related":["ALSA-2024:10218","ALSA-2024:10219","RLSA-2024:10218","openSUSE-SU-2024:14291-1"],"references":[{"type":"REPORT","url":"https://github.com/miyagawa/cpanminus/issues/611"},{"type":"FIX","url":"https://github.com/miyagawa/cpanminus/pull/674"},{"type":"EVIDENCE","url":"https://security.metacpan.org/2024/08/26/cpanminus-downloads-code-using-insecure-http.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miyagawa/cpanminus","events":[{"introduced":"0"},{"last_affected":"7664a6888fb15a6f19dc915e9a3b834939da1ce4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7047"}]}}],"versions":["0.01","0.02","0.03","0.04","0.05","0.06","0.07","0.08","0.09","0.9910","0.9911","0.9912","0.9913","0.9914","0.9915","0.9916","0.9917","0.9918","0.9919","0.9921","0.9922","0.9923","0.9927","0.9928","0.9929","0.9930","0.9931","0.9932","0.9934","0.999_01","0.999_02","0.999_03","0.999_04","0.999_05","0.99_03","0.99_04","0.99_05","0.99_06","0.99_07","0.99_20","0.99_24","0.99_25","0.99_26","0.99_33","1.0001","1.0002","1.0003","1.0004","1.0005","1.0006","1.0010","1.0011","1.0012","1.0013","1.0014","1.0015","1.1000","1.1001","1.1002","1.1003","1.1004","1.1005","1.1006","1.1007","1.19_01","1.19_02","1.2001","1.29_01","1.29_02","1.3000","1.3001","1.30_02","1.30_03","1.30_04","1.30_05","1.30_06","1.30_07","1.30_08","1.30_09","1.30_10","1.30_11","1.30_12","1.30_13","1.4000","1.4001","1.4002","1.4003","1.4004","1.4005","1.4006","1.4007","1.4008","1.49_01","1.49_02","1.5000","1.5001","1.5002","1.5003","1.5004","1.5005","1.5006","1.5007","1.5008","1.5009","1.5010","1.5011","1.5014","1.5015","1.5016","1.5017","1.5018","1.5019","1.5020","1.5021","1.59_01","1.59_02","1.59_03","1.59_04","1.59_05","1.59_06","1.59_07","1.59_08","1.59_09","1.59_10","1.59_11","1.59_12","1.59_13","1.6000","1.6001","1.6002","1.6003","1.6004","1.6005","1.6006","1.6007","1.6008","1.6100","1.6101","1.6102","1.6106","1.6107","1.6108","1.6190","1.6191","1.6192","1.6193","1.6900","1.6901","1.6902","1.6903","1.6904","1.6905","1.6906","1.6907","1.6908","1.6909","1.6910","1.6911","1.6912","1.6913","1.6914","1.6915","1.6916","1.6917","1.6918","1.6919","1.6920","1.6921","1.6922","1.6923","1.6924","1.6925","1.6926","1.6927","1.6928","1.6929","1.6930","1.6931","1.6932","1.6933","1.6934","1.6935","1.6936","1.6937","1.6938","1.6939","1.6940","1.6941","1.6942","1.6943","1.7000","1.7001","1.7002","1.7003","1.7004","1.7005","1.7006","1.7007","1.7008","1.7009","1.7010","1.7011","1.7012","1.7013","1.7014","1.7015","1.7016","1.7017","1.7018","1.7019","1.7020","1.7021","1.7022","1.7023","1.7024","1.7025","1.7026","1.7027","1.7028","1.7029","1.7030","1.7031","1.7032","1.7033","1.7034","1.7035","1.7036","1.7037","1.7038","1.7039","1.7040","1.7041","1.7042","1.7043","1.7044","1.7045","1.7046","1.7047"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45321.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}