DEBIAN-CVE-2023-31486

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-31486

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-31486.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-31486

Upstream

CVE-2023-31486

Published

2023-04-29T00:15:09.083Z

Modified

2025-11-20T10:17:36.081192Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

References

https://security-tracker.debian.org/tracker/CVE-2023-31486

Affected packages

Debian:11

perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.32.1-4

5.32.1-4+deb11u1

5.32.1-4+deb11u2

5.32.1-4+deb11u3

5.32.1-4+deb11u4

5.32.1-5

5.32.1-6

5.34.0~rc2-1

5.34.0-1

5.34.0-2

5.34.0-3

5.34.0-4

5.34.0-5

5.36.0-1

5.36.0-2

5.36.0-3

5.36.0-4

5.36.0-5

5.36.0-6

5.36.0-7

5.36.0-8

5.36.0-9

5.36.0-10

5.38.0~rc2-1

5.38.0-1

5.38.0-2

5.38.2-1

5.38.2-2

5.38.2-3

5.38.2-3.1

5.38.2-3.2

5.38.2-3.2+hurd.1

5.38.2-4

5.38.2-5

5.40.0~rc1-1

5.40.0-1

5.40.0-2

5.40.0-3

5.40.0-4

5.40.0-5

5.40.0-6

5.40.0-7

5.40.0-8

5.40.1-1

5.40.1-2

5.40.1-3

5.40.1-4

5.40.1-5

5.40.1-6

5.40.1-7

5.42.0-1

5.42.0-2

5.42.0-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-31486.json"

Debian:12

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/debian/libhttp-tiny-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.082-2

0.088-1

0.090-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-31486.json"

perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.36.0-7

5.36.0-7+deb12u1

5.36.0-7+deb12u2

5.36.0-7+deb12u3

5.36.0-8

5.36.0-9

5.36.0-10

5.38.0~rc2-1

5.38.0-1

5.38.0-2

5.38.2-1

5.38.2-2

5.38.2-3

5.38.2-3.1

5.38.2-3.2

5.38.2-3.2+hurd.1

5.38.2-4

5.38.2-5

5.40.0~rc1-1

5.40.0-1

5.40.0-2

5.40.0-3

5.40.0-4

5.40.0-5

5.40.0-6

5.40.0-7

5.40.0-8

5.40.1-1

5.40.1-2

5.40.1-3

5.40.1-4

5.40.1-5

5.40.1-6

5.40.1-7

5.42.0-1

5.42.0-2

5.42.0-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-31486.json"

Debian:13

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/debian/libhttp-tiny-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.088-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-31486.json"

perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.38.2-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-31486.json"

Debian:14

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/debian/libhttp-tiny-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.088-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-31486.json"

perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.38.2-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-31486.json"