Net-Imap (>= 0, <= 0.3.9)

A man-in-the-middle attacker can exploit a vulnerability in Net::IMAP's STARTTLS implementation to bypass TLS encryption, leading to cleartext transmission of sensitive information by injecting a spoofed 'OK' response during the TLS negotiation.