Security Advisories (1)

CVE-2025-40924 (2025-07-17)

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Take me over?

The maintainer of this distribution is looking for someone to take over! If you're interested then please contact them via email.

NAME

Catalyst::Plugin::Session::Test::Store - Reusable sanity for session storage engines.

SYNOPSIS

#!/usr/bin/perl

use Catalyst::Plugin::Session::Test::Store (
    backend => "FastMmap",
    config => {
        storage => "/tmp/foo",
    },
);

DESCRIPTION

To install Catalyst::Plugin::Session, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Catalyst::Plugin::Session

CPAN shell

perl -MCPAN -e shell
install Catalyst::Plugin::Session

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Take me over?

NAME

SYNOPSIS

DESCRIPTION

Module Install Instructions