NIXPKGS-2025-0010
published on 1 Nov 2025
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.
Affected products
Catalyst-Authentication-Credential-HTTP
- =<1.018
Matching in nixpkgs
pkgs.perlPackages.CatalystAuthenticationCredentialHTTP
HTTP Basic and Digest authentication for Catalyst
-
nixos-unstable -
- nixpkgs-unstable 1.018
pkgs.perl538Packages.CatalystAuthenticationCredentialHTTP
HTTP Basic and Digest authentication for Catalyst
-
nixos-unstable -
- nixpkgs-unstable 1.018
pkgs.perl540Packages.CatalystAuthenticationCredentialHTTP
HTTP Basic and Digest authentication for Catalyst
-
nixos-unstable -
- nixpkgs-unstable 1.018