CNNVD-202508-952 Information

CNNVD ID

CNNVD-202508-952

Related CVE

CVE-2025-40920

• CNNVD Published: 2025-08-11

Description (Chinese)

Catalyst::Authentication::Credential::HTTP是Catalyst开源的一个HTTP基本和摘要式身份验证库。 Catalyst::Authentication::Credential::HTTP 1.018及之前版本存在安全漏洞，该漏洞源于使用非强加密源生成nonce，可能导致安全风险。

Description (English)

Catalest: :Authorization: :Credential: :HTTP is a basic and abstract HTTP authentication library from Catalest open source. Catalest: :Authorization: :Credential: :HTTP 1.018 and previous versions contain a security loophole that arises from the use of non-enforced sources to generate nonce, which can lead to security risks.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Catalyst

Published

2025-08-11

Last Modified

2026-02-24

References

https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/commit/ad2c03aad95406db4ce35dfb670664ebde004c18.patch https://datatracker.ietf.org/doc/html/rfc7616#section-5.12 https://security.metacpan.org/patches/C/Catalyst-Authentication-Credential-HTTP/1.018/CVE-2025-40920-r1.patch https://metacpan.org/release/ETHER/Catalyst-Authentication-Credential-HTTP-1.018/source/lib/Catalyst/Authentication/Credential/HTTP.pm#L391 https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1 https://datatracker.ietf.org/doc/html/rfc9562#name-security-considerations https://nvd.nist.gov/vuln/detail/CVE-2025-40920 https://access.redhat.com/security/cve/cve-2025-40920