Vulnerability in Miyagawa Plack::middleware::session
CVE-2025-40923
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a sm…
EPSS: 0.005 (67.8th percentile) — read the EPSS interpretation.
Affected products
- Miyagawa Plack::middleware::session — versions 0.01