6.5
CVE-2018-25160
- EPSS 0.4%
- Veröffentlicht 27.02.2026 20:15:31
- Zuletzt bearbeitet 18.03.2026 19:25:49
- Quelle 9b29abf9-4ab0-4765-b253-1875cd
- CVE-Watchlists
- Unerledigt
LoginHTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject memcached commands in the session id value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tokuhirom ≫ Http::session2 SwPlatformperl Version <= 1.09
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.32 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d.patch
https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.10/source/Changes
https://metacpan.org/pod/Cache::Memcached::Fast::Safe
http://www.openwall.com/lists/oss-security/2026/02/27/13