NIXPKGS-2026-0799

GitHub issue published 2 months, 4 weeks ago

Permalink CVE-2014-125112

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 months, 4 weeks ago by @LeSuisse Activity log

Created suggestion 2 months, 4 weeks ago
@LeSuisse accepted 2 months, 4 weeks ago
@LeSuisse published on GitHub 2 months, 4 weeks ago

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

References

https://gist.github.com/miyagawa/2b8764af908a0dacd43d technical-description
https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/chang… release-notes
http://www.openwall.com/lists/oss-security/2026/03/26/2

Affected products

Plack-Middleware-Session

=<0.21

Matching in nixpkgs

pkgs.perlPackages.PlackMiddlewareSession

Middleware for session management

nixos-unstable 0.33
- nixpkgs-unstable 0.33
- nixos-unstable-small 0.33

pkgs.perl5Packages.PlackMiddlewareSession

Middleware for session management

nixos-unstable 0.33
- nixpkgs-unstable 0.33
- nixos-unstable-small 0.33

pkgs.perl538Packages.PlackMiddlewareSession

None

pkgs.perl540Packages.PlackMiddlewareSession