漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces
Vulnerability Description
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.
CVSS Information
N/A
Vulnerability Type
可预测问题
Vulnerability Title
Catalyst::Authentication::Credential::HTTP 安全漏洞
Vulnerability Description
Catalyst::Authentication::Credential::HTTP是Catalyst开源的一个HTTP基本和摘要式身份验证库。 Catalyst::Authentication::Credential::HTTP 1.018及之前版本存在安全漏洞,该漏洞源于使用非强加密源生成nonce,可能导致安全风险。
CVSS Information
N/A
Vulnerability Type
N/A