VYPR

Catalyst-Plugin-Session

by Perl Catalyst

Source repositories

CVEs (2)

  • CVE-2025-40924MedJul 17, 2025
    risk 0.35cvss 6.5epss 0.00

    Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low…

  • CVE-2018-25052LowDec 28, 2022
    risk 0.00cvss 3.5epss 0.01

    A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads…