VYPR

Catalyst Plugin Authentication

by Perl Catalyst

Source repositories

CVEs (2)

  • CVE-2009-10007CriJun 9, 2026
    risk 0.52cvss 9.1epss 0.00

    Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to…

  • CVE-2026-5091MedMay 21, 2026
    risk 0.26cvss 5.1epss 0.00

    Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.