Insecure Default TLS Configuration in HTTP::Tiny

Insecure Default TLS Configuration in HTTP::Tiny

CVE-2023-31486 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

Learn more about our User Device Pen Test.