Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks
CVE-2009-10007

Currently unrated

Key Information:

Vendor: Ether
Status: Catalyst::plugin::authentication
Vendor: CVE Published:; 9 June 2026

What is CVE-2009-10007?

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks.

Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.

Affected Version(s)

Catalyst::Plugin::Authentication 0 < 0.10_027

References

https://metacpan.org/release/ETHER/Catalyst-Plugin-Authen...

release-notes

https://github.com/perl-catalyst/Catalyst-Plugin-Authenti...

patch

https://metacpan.org/pod/Catalyst::Plugin::Session#change...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Jun 5, 2026

CVE-2009-10007 Data

JSON

Ether

What is CVE-2009-10007?

Affected Version(s)

References

Timeline