8.1
CVE-2023-31486
- EPSS 0.56%
- Veröffentlicht 29.04.2023 00:15:09
- Zuletzt bearbeitet 30.01.2025 20:15:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginHTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Http::tiny Project ≫ Http::tiny Version < 0.083
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.674 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.