CVE-2012-6142
HTML::EP 0.2011 - Remote Code Execution via Storable Deserialization
Title source: llmDescription
Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84199
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q2/318
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/59833
Scores
EPSS
0.0272
EPSS Percentile
84.2%
Details
CWE
CWE-94
Status
published
Products (1)
jochen_wiedmann/html\
\ ep
Published
Jun 04, 2014
Tracked Since
Feb 18, 2026