Vulnerability Information
Vulnerability Title
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter
Vulnerability Description
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function. A predictable state allows an attacker to hijack another user's session through cross-site request forgery (CSRF).
CVSS Information
N/A
Vulnerability Type
Predictability issue
Vulnerability Title
HAYAJO Mojolicious::Plugin::Web::Auth::OAuth2 Cryptographic Issue Vulnerability
Vulnerability Description
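HAYAJO Mojolicious::Plugin::Web::Auth::OAuth2 is an open-source web authentication component by the individual developer HAYAJO. HAYAJO Mojolicious::Plugin::Web::Auth::OAuth2 versions 0.17 and earlier contain a cryptographic issue vulnerability. It stems from an insecure default state parameter: when no state generator is specified, the module defaults to a SHA-1 hash of predictable, low-entropy sources, including the epoch time (leaked via the HTTP Date header) and Perl's built-in rand function. The resulting state is predictable, and an attacker can use cross-site request forgery to hijack another user's session.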
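The descriptions above say the weak default applies only when no state generator is specified. The following is an added example, not code from the module or its author: a state generator that draws 256 bits from the kernel CSPRNG instead of hashing the time and rand, together with a constant-time comparison for the callback. The function names and the use of /dev/urandom (a Unix-like host) are assumptions of this example; the way a code reference is passed to the plugin constructor is not shown on this page and should be taken from the module's documentation.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper: return an OAuth2 state value built from 32 bytes
# (256 bits) of kernel CSPRNG output, hex-encoded so it is URL-safe.
# No time(), rand(), PID or memory address goes into the value.
sub secure_state {
    my $want = 32;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $want) {
        # Append to $buf until the full length has been read.
        my $n = read($fh, $buf, $want - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $n;
        die "unexpected EOF on /dev/urandom"    if $n == 0;
    }
    close $fh;
    return unpack 'H*', $buf;
}

# Hypothetical helper: compare the state stored in the session with the
# one returned on the callback. Missing, empty or different-length values
# are rejected; equal-length values are compared without stopping at the
# first mismatching character.
sub state_matches {
    my ($expected, $got) = @_;
    return 0 unless defined $expected && defined $got;
    return 0 unless length $expected;
    return 0 unless length($expected) == length($got);
    my $diff = 0;
    $diff |= ord(substr($expected, $_, 1)) ^ ord(substr($got, $_, 1))
        for 0 .. length($expected) - 1;
    return $diff == 0 ? 1 : 0;
}

# Assumption: the plugin accepts a code reference such as \&secure_state
# as its state generator; check the module documentation for the option.
my $state = secure_state();
printf "state (%d hex chars): %s\n", length $state, $state;
printf "same value accepted:  %d\n", state_matches($state, $state);
printf "fresh value rejected: %d\n", state_matches($state, secure_state()) ? 0 : 1;
printf "missing value rejected: %d\n", state_matches($state, undef) ? 0 : 1;
```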
CVSS Information
N/A
Vulnerability Type
N/A