exploitDog

GHSA-w6w2-2wxg-ggwx

Опубликовано: 16 июн. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.1

Описание

Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.

That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.

Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.

That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.

Ссылки

EPSS

Процентиль: 15%

0.00048

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-338

Связанные уязвимости

CVE-2025-40916

CVSS3: 9.1

nvd

8 месяцев назад

Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.

EPSS

Процентиль: 15%

0.00048

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-338