CVE-2025-40915 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of t…
High CVSS: 7.0

CVE-2025-40915

Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.

That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
Vendor
-
Product
-
CWE
CWE-338
Yayın Tarihi
2025-06-11 17:15:42
Güncelleme
2025-06-12 16:06:20
Source Identifier
9b29abf9-4ab0-4765-b253-1875cd9b441e
KEV Date Added
-

Kategoriler

CWE-338 HIGH 2025

Referanslar

https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03