Nixpkgs security tracker

Published

Permalink CVE-2009-10007

9.1 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

updated 11 hours ago by @LeSuisse Activity log

Created suggestion 20 hours ago
@LeSuisse accepted 11 hours ago
@LeSuisse published on GitHub 11 hours ago

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.

References

Affected products

Catalyst-Plugin-Authentication

<0.10_027

Matching in nixpkgs

pkgs.perlPackages.CatalystPluginAuthentication

Infrastructure plugin for the Catalyst authentication framework

nixos-unstable 0.10023
- nixpkgs-unstable 0.10023
- nixos-unstable-small 0.10023
nixos-26.05 0.10023
- nixos-26.05-small 0.10023
- nixpkgs-26.05-darwin 0.10023

pkgs.perl5Packages.CatalystPluginAuthentication

Infrastructure plugin for the Catalyst authentication framework

nixos-unstable 0.10023
- nixpkgs-unstable 0.10023
- nixos-unstable-small 0.10023
nixos-26.05 0.10023
- nixos-26.05-small 0.10023
- nixpkgs-26.05-darwin 0.10023

Untriaged

Permalink CVE-2026-5091

created 2 weeks, 5 days ago Activity log

Created suggestion 2 weeks, 5 days ago

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

References

Affected products

Catalyst-Plugin-Authentication

=<0.10024

Matching in nixpkgs

pkgs.perlPackages.CatalystPluginAuthentication

Infrastructure plugin for the Catalyst authentication framework

nixos-unstable 0.10023
- nixpkgs-unstable 0.10023
- nixos-unstable-small 0.10023

pkgs.perl5Packages.CatalystPluginAuthentication

Infrastructure plugin for the Catalyst authentication framework

nixos-unstable 0.10023
- nixpkgs-unstable 0.10023
- nixos-unstable-small 0.10023

pkgs.perl538Packages.CatalystPluginAuthentication

None

pkgs.perl540Packages.CatalystPluginAuthentication

None

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.CatalystPluginAuthentication

pkgs.perl5Packages.CatalystPluginAuthentication

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.CatalystPluginAuthentication

pkgs.perl5Packages.CatalystPluginAuthentication

pkgs.perl538Packages.CatalystPluginAuthentication

pkgs.perl540Packages.CatalystPluginAuthentication