libcpan-checksums-perl is vulnerable to Authorization Bypasses. Checksums generates CHECKSUMS
s recursively for each directory under the author/directory structure, and the file path does not contain an author handle. An attacker with PAUSE access can trick PAUSE into generating a valid CHECKSUMS
file for another authors package, allowing a malicious mirror or network attacker to serve a modified package.