CNNVD-202507-2303 Information
CNNVD ID
CNNVD-202507-2303
Related CVE
-
CNNVD Published: 2025-07-17
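Description (translated from Chinese)
Catalyst-Plugin-Session is an application open-sourced by Catalyst. Versions of Catalyst-Plugin-Session before 0.44 contain a security vulnerability that stems from an insecure method of generating session IDs and may lead to session hijacking.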
Description (English)
Catalyst-Plugin-Session is an open-source application from Catalyst. Versions of Catalyst-Plugin-Session before 0.44 contain a security vulnerability that stems from the insecure way session IDs are generated and could lead to session hijacking.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Catalyst
Published
2025-07-17
Last Modified
2026-02-24
References
https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/c0e2b4ab1e42ebce1008286db8c571b6ee98c22c.patch
https://metacpan.org/release/HAARG/Catalyst-Plugin-Session-0.43/source/lib/Catalyst/Plugin/Session.pm#L632
https://github.com/perl-catalyst/Catalyst-Plugin-Session/pull/5
https://vigilance.fr/vulnerability/Perl-Catalyst-Plugin-Session-weak-encryption-via-Session-Id-Generation-48234
Patch
https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/v0.44