This page aggregates publicly disclosed CVE and security risk information related to chorny, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2013-10075 | Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted. | 9b29abf9-4ab0-4765-b253-1875cd9b441e | 9.1 | 0.01% | 2026-05-08 | 2026-05-08 |
| CVE-2025-40931 | Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids cou | 9b29abf9-4ab0-4765-b253-1875cd9b441e | 9.1 | 0.03% | 2026-03-05 | 2026-04-12 |