{"id":"CVE-2020-16156","details":"CPAN 2.28 allows Signature Verification Bypass.","modified":"2026-04-16T00:05:59.280747957Z","published":"2021-12-13T18:15:07.943Z","related":["ALSA-2025:8432"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/"},{"type":"ADVISORY","url":"https://metacpan.org/pod/distribution/CPAN/scripts/cpan"},{"type":"EVIDENCE","url":"http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html"},{"type":"EVIDENCE","url":"https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.28-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"2.28-trial"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-16156.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}