Thread Index - August 2025 - CPANSec CVE announcements

CVE-2025-40920: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces Robert Rothenberg (11 Aug 2025 21:10 UTC)
CVE-2025-40927: CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw Timothy Legge (29 Aug 2025 00:21 UTC)