CVE Catalog

CVE-2014-125112

Critical
Published: Translated: NVD NIST

Summary

Plack::Middleware::Session::Cookie versions through 0.21 for Perl has a vulnerability that allows remote code execution. An attacker can execute arbitrary code on the server during the deserialization of cookie data when no secret is used to sign the cookie.

Risk Assessment

This vulnerability poses a serious risk to server security, allowing attackers to gain control over the system. The lack of proper safeguards can lead to significant security incidents.

Recommendation

It is recommended to update Plack::Middleware::Session::Cookie to a version above 0.21 and implement security measures such as using a secret to sign cookies.

Original NVD description (English source)

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS