CVE-2014-125112

CRITICAL 9.8

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

4th

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

CWE	CWE-565
Vendor	miyagawa
Product	plack::middleware::session::cookie
Published	Mar 26, 2026
Last Updated	Mar 26, 2026

Stay Ahead of the Next One

Get instant alerts for miyagawa plack::middleware::session::cookie

Be the first to know when new critical vulnerabilities affecting miyagawa plack::middleware::session::cookie are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MIYAGAWA / Plack::Middleware::Session::Cookie

0 ≤ 0.21

References

NVD ↗ CVE.org ↗ EPSS Data ↗

gist.github.com: https://gist.github.com/miyagawa/2b8764af908a0dacd43d metacpan.org: https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/changes openwall.com: http://www.openwall.com/lists/oss-security/2026/03/26/2

Credits

mala (@bulkneets)