audreyt/module-signature

audreyt/module-signature

Releases1

Frequency

Last Release almost 2 years ago

Stars16

Module signature file manipulation

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2015-3406 ↗	Nov 29, 2019Friday, 29 November 2019, 21:15	7.5 HIGH	6.4 MEDIUM
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
CVE-2015-3409 ↗	May 19, 2015Tuesday, 19 May 2015, 18:59	—	7.2 HIGH
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
CVE-2015-3408 ↗	May 19, 2015Tuesday, 19 May 2015, 18:59	—	10 HIGH
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
CVE-2015-3407 ↗	May 19, 2015Tuesday, 19 May 2015, 18:59	—	5 MEDIUM
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.
CVE-2013-2145 ↗	Aug 19, 2013Monday, 19 August 2013, 23:55	—	4.4 MEDIUM
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.