LWP-Protocol-https 6.06
Security Advisories
CVE-2014-3230
The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.
- http://www.openwall.com/lists/oss-security/2014/05/04/1
- http://www.openwall.com/lists/oss-security/2014/05/02/8
- http://www.openwall.com/lists/oss-security/2014/05/06/8
- https://github.com/libwww-perl/lwp-protocol-https/pull/14
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579
Severity: medium
Reported: 2020-01-28
Kwalitee Issues
No Core Issues.
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- use_warnings
-
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: LWP::Protocol::https
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
LWP::Protocol::https | Provide https support for LWP::UserAgent | 6.06 | metacpan |
Provides
Name | File | View |
---|---|---|
LWP::Protocol::https::Socket | lib/LWP/Protocol/https.pm | metacpan |