Security Advisories (1)

CVE-2025-40925 (2025-09-20)

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

NAME

Starch::Plugin - Starch plugin framework.

DESCRIPTION

See "PLUGINS" in Starch for instructions on using plugins and a list of available plugins.

WRITING

Plugins can modify any of the manager (Starch::Manager), state (Starch::State), and store (Starch::Store) classes to extend functionality.

A plugin may extend several of these classes, via plugin bundles, or just one. A common setup is a plugin bundle which adds arguments to the manager object and then adds logic to the state objects which acts upon the arguments.

See Starch::Plugin::CookieArgs for a basic example plugin. See "PLUGINS" in Starch for more existing plugins.

See the SYNOPSIS in Starch::Plugin::Bundle, Starch::Plugin::ForManager, Starch::Plugin::ForState, and Starch::Plugin::ForStore documentation for some decent boilerplate for writing new plugins.

Plugins and plugin bundles are applied by Starch::Factory, which itself acts as a dynamic plugin bundle.

AUTHORS AND LICENSE

See "AUTHOR" in Starch, "CONTRIBUTORS" in Starch, and "LICENSE" in Starch.

To install Starch, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Starch

CPAN shell

perl -MCPAN -e shell
install Starch

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

DESCRIPTION

WRITING

AUTHORS AND LICENSE

Module Install Instructions

Keyboard Shortcuts