CVE-2012-6143
Spoon 0.24 - Remote Code Execution via Storable Deserialization
Title source: llmDescription
Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84197
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q2/318
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/59834
Various Sources x_refsource_misc
https://rt.cpan.org/Public/Bug/Display.html?id=85217
Scores
EPSS
0.0279
EPSS Percentile
84.7%
Details
CWE
CWE-94
Status
published
Products (1)
ingy/spoon
0.24
Published
Jun 04, 2014
Tracked Since
Feb 18, 2026