Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: perl5Packages.PlackMiddlewareSession

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2014-125112
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month ago by @LeSuisse Activity log
  • Created suggestion 1 month ago
  • @LeSuisse accepted 1 month ago
  • @LeSuisse published on GitHub 1 month ago
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

Affected products

Plack-Middleware-Session
  • =<0.21

Matching in nixpkgs

Advisory: http://www.openwall.com/lists/oss-security/2026/03/26/2