CNNVD-202506-1617 Information

Jun 11, 2025 cve

CNNVD ID

CNNVD-202506-1617

CVE-2025-40915

  • CNNVD Published: 2025-06-11

Description (Chinese)

MetaCPAN Perl Mojolicious::Plugin::CSRF是MetaCPAN基金会的一款CSRF防御插件。 MetaCPAN Perl Mojolicious::Plugin::CSRF 1.03版本存在安全漏洞,该漏洞源于使用弱随机数源生成CSRF令牌。

Description (English)

MetaCPAN Perl Mojolicous: :Plugin: :CSRF is a CSRF defence plugin for the MetaCPAN Foundation. MetaCPAN Perl Mojolicous: :Plugin: :CSRF 1.03 has a security loophole, which stems from the use of weak random numbers to generate CSRF tokens.

Hazard Level

Medium

Vulnerability Type

安全特征问题

Affected Vendor

MetaCPAN

Published

2025-06-11

Last Modified

2026-02-24

References

https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03 https://nvd.nist.gov/vuln/detail/CVE-2025-40915

Patch

https://github.com/gryphonshafer/Mojo-Plugin-CSRF/tags

Share on: