CyberSec.Space Logo
Back to CVE Browser

CVE-2014-125112

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0270%
EPSS Percentile31.94th
PublishedMar 26, 2026
Last ModifiedMay 6, 2026

Vulnerability Description

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

Affected Platforms (CPE)

๐Ÿ“ฆ
Miyagawa

Plack\

< 0.23

References & Advisories

๐Ÿ”— https://gist.github.com/miyagawa/2b8764af908a0dacd43d
๐Ÿ”— https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/changes
๐Ÿ”— http://www.openwall.com/lists/oss-security/2026/03/26/2

Related Vulnerabilities

CVE-2013-100317.5

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks

CVE-2014-52695.0

Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the ...

CVE-2014-054210.0

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR be...

CVE-2014-054310.0

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR be...