Thread Index - May 2025 - CPANSec CVE announcements

CVE-2024-58135: Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets Breno Oliveira (03 May 2025 10:16 UTC)
CVE-2024-58134: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default Breno Oliveira (03 May 2025 16:13 UTC)
CVE-2025-40907: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library Stig Palmquist (16 May 2025 13:07 UTC)
CVE-2025-40906: BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities Stig Palmquist (16 May 2025 15:19 UTC)