CNNVD-202507-2089 Information
CNNVD ID
CNNVD-202507-2089
Related CVE
- CNNVD Published: 2025-07-16
Description (Chinese)
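Plack::Middleware::Session is a minimalist session library for Plack, open-sourced by plack. Versions of Plack::Middleware::Session before 0.35 contain a security vulnerability that stems from insecure session ID generation.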
Description (English)
Plack::Middleware::Session is a minimal open-source session library for Plack. Plack::Middleware::Session versions before 0.35 have a security vulnerability that stems from insecure session ID generation.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
plack
Published
2025-07-16
Last Modified
2026-02-24
References
https://security.metacpan.org/docs/guides/random-data-for-security.html
https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.34/source/lib/Plack/Session/State.pm#L22
https://github.com/plack/Plack-Middleware-Session/commit/1fbfbb355e34e7f4b3906f66cf958cedadd2b9be.patch
https://github.com/plack/Plack-Middleware-Session/pull/52
https://vigilance.fr/vulnerability/Perl-Plack-Middleware-Session-weak-encryption-via-Session-Id-Generation-48233
https://access.redhat.com/security/cve/cve-2025-40923
Patch
https://metacpan.org/dist/Plack-Middleware-Session/changes