CVE-2025-40923
A random session id generation flaw has been discovered in Plack-Middleware-Session. By default, session ids are generated by a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed if it is...