CNNVD-202509-3185 Information

CNNVD ID

CNNVD-202509-3185

CVE-2025-40925

  • CNNVD Published: 2025-09-20

Description (Chinese)

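Starch is an HTTP session library by individual developer Aran Clary. Starch 0.14 and earlier contain a security vulnerability that stems from insecure session ID generation and may lead to session hijacking attacks.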

Description (English)

Starch is an HTTP session library from individual developer Aran Clary. Starch versions 0.14 and earlier have a security vulnerability that stems from insecure generation of session IDs, which could lead to a session hijacking attack.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-09-20

Last Modified

2026-02-24

References

  • https://github.com/bluefeet/Starch/commit/5573449e64e0660f7ee209d1eab5881d4ccbee3b.patch
  • https://github.com/bluefeet/Starch/pull/5
  • https://metacpan.org/dist/Starch/source/lib/Starch/Manager.pm
  • https://access.redhat.com/security/cve/cve-2025-40925
