CNNVD-202512-1740 Information

CNNVD ID

CNNVD-202512-1740

Related CVE

CVE-2013-10031

• CNNVD Published: 2025-12-09

Description (Chinese)

Plack::Middleware::Session是plack开源的一个Plack的极简会话库。 Plack::Middleware::Session 0.17之前版本存在安全漏洞，该漏洞源于容易受到HMAC比较时序攻击。

Description (English)

Plack: :Middleware: :Ssession is a very simple Plack session library from a plain source. Plack: :Middleware: :Ssession 0.17 has a security loophole, which stems from the vulnerability of HMAC to more time-series attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

plack

Published

2025-12-09

Last Modified

2026-02-24

References

https://github.com/plack/Plack-Middleware-Session/commit/b7f0252269ba1bb812b5dc02303754fe94c808e4

Patch

https://github.com/plack/Plack-Middleware-Session/tags