HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Improper Certificate Validation
Initialization of a Resource with an Insecure Default
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/perl | deb | debian | 12 | >=5.36.0-7+deb12u1 | Not yet available |
| debian/libhttp-tiny-perl | deb | debian | 13 | <0.088-1 | 0.088-1 |
| debian/libhttp-tiny-perl | deb | debian | 10 | >=0.076-1 | Not yet available |
| debian/libhttp-tiny-perl | deb | debian | unstable | <0.088-1 | 0.088-1 |
| debian/libhttp-tiny-perl | deb | debian | 12 | >=0.082-2 | Not yet available |
| debian/perl | deb | debian | unstable | <5.38.2-2 | 5.38.2-2 |
| debian/perl | deb | debian | 11 | >=5.32.1-4+deb11u3 | Not yet available |
| debian/perl | deb | debian | 13 | <5.38.2-2 | 5.38.2-2 |
| debian/perl | deb | debian | 10 | >=5.28.1-6+deb10u1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
2.2
2.2
-
-
-
-
-
-
-
-
-
-
2.2
-
-