Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces
Vulnerability Description
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.
CVSS Information
N/A
Vulnerability Type
可预测问题
Vulnerability Title
Catalyst::Authentication::Credential::HTTP 安全漏洞
Vulnerability Description
Catalyst::Authentication::Credential::HTTP是Catalyst开源的一个HTTP基本和摘要式身份验证库。 Catalyst::Authentication::Credential::HTTP 1.018及之前版本存在安全漏洞,该漏洞源于使用非强加密源生成nonce,可能导致安全风险。
CVSS Information
N/A
Vulnerability Type
N/A