Nixpkgs security tracker
NIXPKGS-2026-0799
GitHub issue
published on
Permalink
CVE-2014-125112
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.
References
Affected products
Plack-Middleware-Session
- =<0.21
Matching in nixpkgs
pkgs.perlPackages.PlackMiddlewareSession
Middleware for session management
pkgs.perl5Packages.PlackMiddlewareSession
Middleware for session management
pkgs.perl538Packages.PlackMiddlewareSession
Middleware for session management
pkgs.perl540Packages.PlackMiddlewareSession
Middleware for session management