PT-2018-19287 · Perl · Http::Entity::Parser+2
Published
2018-11-03
·
Updated
2018-11-03
None
No severity ratings or metrics are available. When they become available, we will update the corresponding information on this page.
Name of the Vulnerable Software and Affected Versions
Dancer2 versions prior to 0.206000
Description
A potential remote code execution (RCE) issue exists due to a problem with Storable. To address this, Dancer2 now includes session ID validation in its session engine, allowing session backends based on Storable to reject malformed session IDs that could be exploited. The parsing of requests has been improved by using HTTP::Entity::Parser, reducing the amount of code required and eliminating the need for re-parsing the request body.
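The kind of session ID check described above, as an added example that is not Dancer2's own code: a client-supplied ID is validated before it is used to locate a file that Storable will deserialize. The function names, the one-file-per-session layout, and the allowed alphabet and length are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);
use Storable qw(nstore retrieve);

# Assumed policy: URL-safe characters only, bounded length.
# \A and \z anchor the whole string; "$" would tolerate a trailing newline.
my $VALID_ID = qr/\A[A-Za-z0-9_~-]{16,128}\z/;

sub validate_id {
    my ($id) = @_;
    return (defined($id) && !ref($id) && $id =~ $VALID_ID) ? 1 : 0;
}

# Hypothetical file-backed store: one Storable file per session.
sub load_session {
    my ($dir, $id) = @_;
    return unless validate_id($id);    # reject before any file access
    my $file = File::Spec->catfile($dir, "$id.stor");
    return unless -f $file;
    return retrieve($file);            # only reached for well-formed IDs
}

my $dir  = tempdir(CLEANUP => 1);
my $good = 'kX3vQ9dLm2Zp0aTrWb7y_ueH';    # constructed sample ID
nstore({ user => 'alice' }, File::Spec->catfile($dir, "$good.stor"));

# Constructed inputs: one well-formed ID and several malformed ones.
my @cases = (
    [ $good,              'well-formed'      ],
    [ '../../tmp/upload', 'path separators'  ],
    [ "$good\0.png",      'embedded NUL'     ],
    [ "$good\n",          'trailing newline' ],
    [ '',                 'empty'            ],
);

for my $case (@cases) {
    my ($id, $label) = @$case;
    my $session = load_session($dir, $id);
    printf "%-17s => %s\n", $label,
        $session ? "loaded (user=$session->{user})" : 'rejected';
}
```

Only the well-formed ID reaches `retrieve`; every other input is rejected before a file path is built from it.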
Recommendations
For versions prior to 0.206000, update to version 0.206000 or later to fix the issue.
As a temporary workaround, consider disabling the use of Storable-based session backends until a patch is available.
Related identifiers
Affected products
Dancer2
Http::Entity::Parser
Storable