6 matches found
EUVD-2009-5128
Catalyst::Plugin::Authentication versions before 0.10027 for Perl are susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker who obtains a session id cookie can use this to impersonate the victim...
EUVD-2026-31353
Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password...
Catalyst Operating System Command Injection Vulnerability
Catalyst is a web application framework developed by karutoil’s developers. Catalyst has a vulnerability related to operating system command injection. This vulnerability stems from the installation scripts defined in the server templates, which execute directly on the host operating system with...
[SECURITY] Fedora 42 Update: perl-Catalyst-Plugin-Session-0.44-1.fc42
This plugin is the base of two related parts of functionality required for session management in web applications. The first part, the State, is getting the browser to repeat back a session key, so that the web application can identify the client and logically string several requests together int...
Catalyst::Authentication::Credential::HTTP Security Vulnerability
Catalyst::Authentication::Credential::HTTP is a Catalyst open source HTTP basic and digest authentication library. A security vulnerability exists in Catalyst::Authentication::Credential::HTTP version 1.018 and earlier that stems from the use of a non-strongly encrypted source to generate a nonce...
Catalyst Cross-Site Scripting Vulnerability
Catalyst is an elegant MVC web application framework. A cross-site scripting vulnerability exists in Catalyst Catalyst-Plugin-Session versions prior to 0.40, which stems from incorrect manipulation of the parameter sid leading to cross-site scripting...