CVE-2020-16155: 
Linux Debian vulnerability analysis and mitigation

CVE-2020-16155 affects the CPAN::Checksums package version 2.12 for Perl. The vulnerability was discovered and disclosed in July 2020, with the CVE being assigned on July 30, 2020. The vulnerability specifically impacts the package's ability to uniquely define signed data, which is a critical security function for package verification (CVE Details).

The vulnerability exists in CPAN::Checksums version 2.12, where the package fails to uniquely define signed data in the CHECKSUMS file. This vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium), with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability could enable a supply chain attack by allowing an attacker to manipulate package verification processes. Since CPAN::Checksums is used by PAUSE (Perl Authors Upload Server) for package verification, this vulnerability could potentially affect the integrity of package distribution on CPAN (Hackeriet Blog).

Users should ensure their CPAN client is configured to use a trusted TLS (https) protected mirror as signature verification can be bypassed. The vulnerability has been fixed in CPAN::Checksums version 2.14 and later releases (Hackeriet Blog).