Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution

Description

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

Affected Products

Vendor	Product	Versions
MIYAGAWA	Plack::Middleware::Session::Cookie	0

References

https://gist.github.com/miyagawa/2b8764af908a0dacd43d(technical-description)
https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/changes(release-notes)

Related News (2 articles)

Tier C

VulDB4h ago

CVE-2014-125112 | MIYAGAWA Plack::Middleware::Session::Cookie up to 0.21 on Perl cookie validation

→ No new info (linked only)

Tier C

oss-security7h ago

CVE-2014-125112: Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution

→ No new info (linked only)

CVSS 3.17.5 CRITICAL

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-565

Published3/26/2026

Last enriched4h agov3

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 4h ago

v3Tier C4h ago

Updated severity to CRITICAL and added CVE-2014-125112 as a relevant tag.

severitytags

via VulDB

v2Tier C7h ago

Updated severity to HIGH, added CVSS estimate of 7.5, and marked the vulnerability as actively exploited with an exploit available.

severitycvssEstimateexploitAvailableactivelyExploited

via oss-security

v17h ago

Initial creation