19 matches found
CVE-2026-46740
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-46740
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-46740 Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
EUVD-2026-32021
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-46740 Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-46740
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
PT-2026-43429
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2025-40916
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand function for generating the captcha text as well as image noise, which is insecure...
CVE-2025-40915
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand function...
CVE-2025-40916
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand function for generating the captcha text as well as image noise, which is insecure...
CVE-2025-40916 Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand function for generating the captcha text as well as image noise, which is insecure...
CVE-2025-40916 Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand function for generating the captcha text as well as image noise, which is insecure...
Mojolicious::Plugin::CaptchaPNG 安全漏洞
Mojolicious::Plugin::CaptchaPNG is a captcha plugin from the metaCPAN Foundation. A security vulnerability exists in Mojolicious::Plugin::CaptchaPNG version 1.05, which stems from the use of a weak random number source to generate CAPTCHAs...
PT-2025-25544 · Unknown · Mojolicious::Plugin::Captchapng
Name of the Vulnerable Software and Affected Versions: Mojolicious::Plugin::CaptchaPNG version 1.05 Description: The issue concerns the use of a weak random number source for generating the captcha in Mojolicious::Plugin::CaptchaPNG for Perl. Specifically, version 1.05 utilizes the built-in rand...
SUSE CVE-2025-40915
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand function...
CVE-2025-40915
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand function...
CVE-2025-40915
The CVE-2025-40915 entry concerns Mojolicious::Plugin::CSRF 1.03 for Perl, which uses a weak random number source to generate CSRF tokens. Tokens are produced as an MD5 hash of the process id, current time, and a single rand() call, creating predictability. The Red Hat/SUSE entries corroborate th...
CVE-2025-40915 Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand function...
CVE-2025-40915 Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand function...