2 matches found
CVE-2026-50638 Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...
CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...