VYPR
Vendor

Perl Catalyst

Products
3
CVEs
5
Across products
5
Status
Private

Products

3

Recent CVEs

5
  • CVE-2009-10007CriJun 9, 2026
    risk 0.52cvss 9.1epss 0.00

    Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to…

  • CVE-2025-40920HigAug 11, 2025
    risk 0.49cvss 8.6epss 0.00

    Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known…

  • CVE-2025-40924MedJul 17, 2025
    risk 0.35cvss 6.5epss 0.00

    Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low…

  • CVE-2026-5091MedMay 21, 2026
    risk 0.26cvss 5.1epss 0.00

    Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

  • CVE-2018-25052LowDec 28, 2022
    risk 0.00cvss 3.5epss 0.01

    A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads…