GHSA-pfqm-wq4x-p42cCriticalCVSS 9.1

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session...

Published
June 9, 2026
Last Modified
June 9, 2026

🔗 CVE IDs covered (1)

📋 Description

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks.

Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.

🔗 References (7)