22 matches found
CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...
Plack::Middleware::Session 安全漏洞
Plack::Middleware::Session is a Plack open source minimalist session library for Plack. A security vulnerability exists in Plack::Middleware::Session versions prior to 0.35 that stems from insecure session ID generation...