Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely
Vulnerability Description
Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids could allow an attacker to gain access to systems. Plack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.
CVSS Information
N/A
Vulnerability Type
可预测问题
Vulnerability Title
Plack::Middleware::Session::Simple 安全漏洞
Vulnerability Description
Plack::Middleware::Session::Simple是Masahiro Nagano个人开发者的一个轻量级的会话管理中间件。 Plack::Middleware::Session::Simple 0.04及之前版本存在安全漏洞,该漏洞源于使用不安全的随机数生成器生成会话ID,可能导致会话ID被预测。
CVSS Information
N/A
Vulnerability Type
N/A