VYPR

Catalyst::Plugin::Session

by Perl Foundation

Source repositories

CVEs (1)

  • CVE-2025-40924MedJul 17, 2025
    risk 0.35cvss 6.5epss 0.00

    Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low…