Search criteria
3 vulnerabilities by ETHER
CVE-2025-40920 (GCVE-0-2025-40920)
Vulnerability from cvelistv5 – Published: 2025-08-11 20:19 – Updated: 2025-11-04 21:10
VLAI?
Summary
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.
* Data::UUID does not use a strong cryptographic source for generating UUIDs.
* Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.
* The nonces should be generated from a strong cryptographic source, as per RFC 7616.
Severity ?
8.6 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ETHER | Catalyst::Authentication::Credential::HTTP |
Affected:
0.06 , ≤ 1.018
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-40920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T20:52:17.823708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T20:52:44.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:19.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/12/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Catalyst-Authentication-Credential-HTTP",
"product": "Catalyst::Authentication::Credential::HTTP",
"repo": "https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP",
"vendor": "ETHER",
"versions": [
{
"lessThanOrEqual": "1.018",
"status": "affected",
"version": "0.06",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eCatalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.\u003cul\u003e\u003cli\u003eData::UUID does not use a strong cryptographic source for generating UUIDs.\u003c/li\u003e\u003cli\u003eData::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.\u003c/li\u003e\u003cli\u003eThe nonces should be generated from a strong cryptographic source, as per RFC 7616.\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.\n * Data::UUID does not use a strong cryptographic source for generating UUIDs.\n * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.\n * The nonces should be generated from a strong cryptographic source, as per RFC 7616."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T11:49:41.169Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://security.metacpan.org/patches/C/Catalyst-Authentication-Credential-HTTP/1.018/CVE-2025-40920-r1.patch"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1"
},
{
"url": "https://metacpan.org/release/ETHER/Catalyst-Authentication-Credential-HTTP-1.018/source/lib/Catalyst/Authentication/Credential/HTTP.pm#L391"
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc9562#name-security-considerations"
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc7616#section-5.12"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUsers are advised to upgrade to Catalyst-Authentication-Credential-HTTP version 1.019 or later.\u003c/div\u003e"
}
],
"value": "Users are advised to upgrade to Catalyst-Authentication-Credential-HTTP version 1.019 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-40920",
"datePublished": "2025-08-11T20:19:57.516Z",
"dateReserved": "2025-04-16T09:05:34.362Z",
"dateUpdated": "2025-11-04T21:10:19.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40907 (GCVE-0-2025-40907)
Vulnerability from cvelistv5 – Published: 2025-05-16 13:03 – Updated: 2025-09-05 13:23
VLAI?
Summary
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.
The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
Synacktiv
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-40907",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T15:07:46.084885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T15:09:00.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "FCGI",
"product": "FCGI",
"programFiles": [
"libfcgi/fcgiapp.c"
],
"programRoutines": [
{
"name": "ReadParams()"
}
],
"repo": "https://github.com/FastCGI-Archives/fcgi2",
"vendor": "ETHER",
"versions": [
{
"lessThanOrEqual": "0.82",
"status": "affected",
"version": "0.44",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\u003cbr\u003e\u003cbr\u003eThe included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.\u003cbr\u003e"
}
],
"value": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\n\nThe included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A proof of concept exploit for the underlying library exists at\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation\"\u003ehttps://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation\u003c/a\u003e"
}
],
"value": "A proof of concept exploit for the underlying library exists at\u00a0 https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library#exploitation"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T13:23:05.630Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2025/04/23/4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/FastCGI-Archives/fcgi2/issues/67"
},
{
"tags": [
"patch"
],
"url": "https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5"
},
{
"tags": [
"technical-description"
],
"url": "https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/perl-catalyst/FCGI/issues/14"
},
{
"tags": [
"patch"
],
"url": "https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.\u003cbr\u003e\u003cbr\u003eWe also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Updating to version 2.4.5 of the included fcgi2 library and rebuilding the Perl module will protect against the vulnerability.\n\nWe also recommend limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-40907",
"datePublished": "2025-05-16T13:03:02.774Z",
"dateReserved": "2025-04-16T09:05:34.360Z",
"dateUpdated": "2025-09-05T13:23:05.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43802 (GCVE-0-2021-43802)
Vulnerability from cvelistv5 – Published: 2021-12-09 22:35 – Updated: 2024-08-04 04:03
VLAI?
Summary
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute arbitrary code (including system commands). To gain privileges, the attacker must be able to trigger deletion of `express-session` state or wait for old `express-session` state to be cleaned up. Core Etherpad does not delete any `express-session` state, so the only known attacks require either a plugin that can delete session state or a custom cleanup process (such as a cron job that deletes old `sessionstorage:*` records). The problem has been fixed in version 1.8.16. If users cannot upgrade to 1.8.16 or install patches manually, several workarounds are available. Users may configure their reverse proxies to reject requests to `/p/*/import`, which will block all imports, not just `*.etherpad` imports; limit all users to read-only access; and/or prevent the reuse of `express_sid` cookie values that refer to deleted express-session state. More detailed information and general mitigation strategies may be found in the GitHub Security Advisory.
Severity ?
9.9 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ether | etherpad-lite |
Affected:
< 1.8.16
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ether/etherpad-lite/security/advisories/GHSA-w3g3-qf3g-2mqc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ether/etherpad-lite/issues/5010"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ether/etherpad-lite/compare/b7065eb9a0ec7c3c265f8cfeb2534efe6f036456...77bcb507b30e762e9375b0511b3763e0162aae53"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ether/etherpad-lite/releases/tag/1.8.16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "etherpad-lite",
"vendor": "ether",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute arbitrary code (including system commands). To gain privileges, the attacker must be able to trigger deletion of `express-session` state or wait for old `express-session` state to be cleaned up. Core Etherpad does not delete any `express-session` state, so the only known attacks require either a plugin that can delete session state or a custom cleanup process (such as a cron job that deletes old `sessionstorage:*` records). The problem has been fixed in version 1.8.16. If users cannot upgrade to 1.8.16 or install patches manually, several workarounds are available. Users may configure their reverse proxies to reject requests to `/p/*/import`, which will block all imports, not just `*.etherpad` imports; limit all users to read-only access; and/or prevent the reuse of `express_sid` cookie values that refer to deleted express-session state. More detailed information and general mitigation strategies may be found in the GitHub Security Advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790: Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-09T22:35:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ether/etherpad-lite/security/advisories/GHSA-w3g3-qf3g-2mqc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ether/etherpad-lite/issues/5010"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ether/etherpad-lite/compare/b7065eb9a0ec7c3c265f8cfeb2534efe6f036456...77bcb507b30e762e9375b0511b3763e0162aae53"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ether/etherpad-lite/releases/tag/1.8.16"
}
],
"source": {
"advisory": "GHSA-w3g3-qf3g-2mqc",
"discovery": "UNKNOWN"
},
"title": "Admin privilege escalation and arbitrary code execution via malicious *.etherpad imports",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43802",
"STATE": "PUBLIC",
"TITLE": "Admin privilege escalation and arbitrary code execution via malicious *.etherpad imports"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "etherpad-lite",
"version": {
"version_data": [
{
"version_value": "\u003c 1.8.16"
}
]
}
}
]
},
"vendor_name": "ether"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute arbitrary code (including system commands). To gain privileges, the attacker must be able to trigger deletion of `express-session` state or wait for old `express-session` state to be cleaned up. Core Etherpad does not delete any `express-session` state, so the only known attacks require either a plugin that can delete session state or a custom cleanup process (such as a cron job that deletes old `sessionstorage:*` records). The problem has been fixed in version 1.8.16. If users cannot upgrade to 1.8.16 or install patches manually, several workarounds are available. Users may configure their reverse proxies to reject requests to `/p/*/import`, which will block all imports, not just `*.etherpad` imports; limit all users to read-only access; and/or prevent the reuse of `express_sid` cookie values that refer to deleted express-session state. More detailed information and general mitigation strategies may be found in the GitHub Security Advisory."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-790: Improper Filtering of Special Elements"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1287: Improper Validation of Specified Type of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ether/etherpad-lite/security/advisories/GHSA-w3g3-qf3g-2mqc",
"refsource": "CONFIRM",
"url": "https://github.com/ether/etherpad-lite/security/advisories/GHSA-w3g3-qf3g-2mqc"
},
{
"name": "https://github.com/ether/etherpad-lite/issues/5010",
"refsource": "MISC",
"url": "https://github.com/ether/etherpad-lite/issues/5010"
},
{
"name": "https://github.com/ether/etherpad-lite/compare/b7065eb9a0ec7c3c265f8cfeb2534efe6f036456...77bcb507b30e762e9375b0511b3763e0162aae53",
"refsource": "MISC",
"url": "https://github.com/ether/etherpad-lite/compare/b7065eb9a0ec7c3c265f8cfeb2534efe6f036456...77bcb507b30e762e9375b0511b3763e0162aae53"
},
{
"name": "https://github.com/ether/etherpad-lite/releases/tag/1.8.16",
"refsource": "MISC",
"url": "https://github.com/ether/etherpad-lite/releases/tag/1.8.16"
}
]
},
"source": {
"advisory": "GHSA-w3g3-qf3g-2mqc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43802",
"datePublished": "2021-12-09T22:35:12",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}