Vletop

#48801 of 53,624
5 Total CVSS
Vulnerabilities · 1
PT-2014-2342
5.0
2013-06-26
Perl Dancer · Dancer · CVE-2012-5572
**Name of the Vulnerable Software and Affected Versions**

Dancer versions prior to 1.3114

**Description**

A CRLF injection vulnerability exists in the cookie method of Dancer, allowing remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name.

**Recommendations**

For versions prior to 1.3114, update to version 1.3114 or later to resolve the issue. As a temporary workaround, consider restricting the use of the cookie method in lib/Dancer/Cookie.pm to minimize the risk of exploitation.