Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution

Description

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

Affected Products

Vendor	Product	Versions
MIYAGAWA	Plack::Middleware::Session::Cookie	0

References

https://gist.github.com/miyagawa/2b8764af908a0dacd43d(technical-description)
https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/changes(release-notes)

Related News (2 articles)

Tier C

VulDB2h ago

CVE-2014-125112 | MIYAGAWA Plack::Middleware::Session::Cookie up to 0.21 on Perl cookie validation

→ No new info (linked only)

Tier C

oss-security5h ago

CVE-2014-125112: Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution

→ No new info (linked only)

CVSS 3.17.5 CRITICAL

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-565

Published3/26/2026

Last enriched2h agov3

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 2h ago

v3Tier C2h ago

Updated severity to CRITICAL and added CVE-2014-125112 as a relevant tag.

severitytags

via VulDB

v2Tier C5h ago

Updated severity to HIGH, added CVSS estimate of 7.5, and marked the vulnerability as actively exploited with an exploit available.

severitycvssEstimateexploitAvailableactivelyExploited

via oss-security

v16h ago

Initial creation