115 matches found
CVE-2025-40923
CVE-2025-40923 affects Plack-Middleware-Session for Perl prior to 0.35, where the default session id generator uses a SHA-1 hash seeded with rand, epoch time, and PID, making session IDs predictable. Fedora advisory notes a fix to version 0.36, using Crypt::SysRandom for secure session IDs. The v...
CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...
Plack::Middleware::Session 安全漏洞
Plack::Middleware::Session is a Plack open source minimalist session library for Plack. A security vulnerability exists in Plack::Middleware::Session versions prior to 0.35 that stems from insecure session ID generation...
CVE-2023-52431
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...
CVE-2023-52431
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...
Cross site request forgery (csrf)
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...
Plack-Middleware-XSRFBlock Security Vulnerability
Plack-Middleware-XSRFBlock is a plugin for blocking cross-site request forgery. A security vulnerability exists in the Plack::Middleware::XSRFBlock package version 0.0.19, which stems from the presence of a cross-site request forgery CSRF vulnerability...
CVE-2023-52431
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...
CVE-2023-52431
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...
CVE-2023-52431
CVE-2023-52431 affects Plack::Middleware::XSRFBlock (Perl). The module prior to version 0.0.19 allows bypassing CSRF protection via an empty form value and an empty cookie when signed cookies are disabled. The vulnerability has a high impact in CVSS terms (C/H/I/A=High, exploitable remotely with ...
PT-2024-14587 · Unknown · Plack::Middleware::Xsrfblock
Name of the Vulnerable Software and Affected Versions: Plack::Middleware::XSRFBlock versions prior to 0.0.19 Description: The issue allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie, but only if signed cookies are disabled. Recommendations: For...
SUSE CVE-2014-5269
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static...
Mageia: Security Advisory (MGASA-2018-0428)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2014-0486)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : perl-Plack (openSUSE-SU-2014:1639-1)
This perl-Plack update fixes the following security issue : - bnc892328: trailing slashes removed leading to source code disclosure CVE-2014-5269 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
[ MDVSA-2014:235 ] perl-Plack
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:235 http://www.mandriva.com/en/support/security/ Package : perl-Plack Date : November 28, 2014 Affected: Business Server 1.0 Problem Description: Updated perl-Plack package fixes security vulnerability:...
Mandriva Linux Security Advisory : perl-Plack (MDVSA-2014:235)
Updated perl-Plack package fixes security vulnerability : Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files...
MGASA-2014-0486 Updated perl-Plack package fixes security vulnerability
Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...
Updated perl-Plack package fixes security vulnerability
Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...
DLA-61-1 libplack-perl - security update
Bulletin has no description...