Fluid Attacks Database

Description

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libplack-middleware-session-perl	>=0 <0.24-1	0.24-1
debian 14	libplack-middleware-session-perl	>=0 <0.24-1	0.24-1
debian 11	libplack-middleware-session-perl	>=0 <0.24-1	0.24-1
debian 13	libplack-middleware-session-perl	>=0 <0.24-1	0.24-1

Aliases

1. CVE-2014-1251122. NVD-2014-1251123. OSV-DEBIAN-2014-1251124. OSV-2014-1251125. SECURITY-TRACKER-CVE-2014-125112

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.