CVE-2014-125112
CRITICALPlack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution
Title source: cnaDescription
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.
References (3)
Core 3
Core References
Technical Description technical-description
https://gist.github.com/miyagawa/2b8764af908a0dacd43d
Release Notes release-notes
https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/changes
Scores
CVSS v3
9.8
EPSS
0.0083
EPSS Percentile
52.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-565
Status
published
Products (2)
MIYAGAWA/Plack::Middleware::Session::Cookie
< 0.21
miyagawa/plack\
< 0.23
Published
Mar 26, 2026
Tracked Since
Mar 26, 2026