CVE-2025-40915 Information

Description

Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.

That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
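
The pattern described above, next to a token drawn from the operating system's CSPRNG, as an added example (this is not the module's code and not the 1.04 fix). The sub names, the concatenation order in weak_token, and the use of /dev/urandom (Unix-like systems) are assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Weak pattern (assumed form of what the description states):
#   $$      process id, drawn from a small bounded range
#   time()  seconds since the epoch, known to anyone who sees the response
#   rand()  Perl's built-in PRNG, documented as not cryptographically secure
# Hashing with MD5 does not add entropy; the token is only as unpredictable
# as these three inputs.
sub weak_token {
    return md5_hex($$ . time() . rand());
}

# Hardened pattern: take the token bytes directly from the kernel CSPRNG.
# 32 bytes gives 256 bits of unpredictability, hex-encoded to 64 characters.
sub strong_token {
    my $nbytes = shift // 32;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, $nbytes);
    close($fh);
    # Fail closed: never fall back to rand() if the read comes up short.
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $nbytes;
    return unpack('H*', $buf);
}

printf "weak   (%d hex chars): %s\n", length(weak_token()),   weak_token();
printf "strong (%d hex chars): %s\n", length(strong_token()), strong_token();
```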

Reference

https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes
https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03

CNNVD-202506-1617 (Published: 2025-06-11)
