Security Advisories (1)

CVE-2025-15578 (2026-02-16)

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.

https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43

NAME

Maypole::HTTPD::Frontend - Maypole driver class for Maypole::HTTPD

DESCRIPTION

This is a simple CGI based Maypole driver for Maypole::HTTPD. It's used automatically as the frontend by Maypole::Application.

It overrides the following functions in CGI::Maypole:

get_request: Instantiates a CGI object representing the request.
send_output: Stores generated output in a buffer.

output_now

Actually output what's been buffered by send_output. Used by Maypole::HTTPD

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

DESCRIPTION

output_now

SEE ALSO

Module Install Instructions