CVE-2014-125112

EPSS 0.83%
Veröffentlicht 26.03.2026 02:04:10
Zuletzt bearbeitet 06.05.2026 14:50:24
Quelle 9b29abf9-4ab0-4765-b253-1875cd
CVE-Watchlists
Login
Unerledigt
Login

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.

Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Miyagawa ≫ Plack::middleware::session::cookie SwPlatformperl Version < 0.23

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.83%	0.527

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-565 Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

https://gist.github.com/miyagawa/2b8764af908a0dacd43d

Third Party Advisory

https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/changes

Release Notes

http://www.openwall.com/lists/oss-security/2026/03/26/2

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2014-125112

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-125112

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-125112

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-125112