PT-2026-28191 · Unknown · Plack::Middleware::Session::Cookie
Published: 2014-01-01 · Updated: 2026-05-06 · CVE-2014-125112
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Plack::Middleware::Session::Cookie versions through 0.21
Description
Plack::Middleware::Session::Cookie versions through 0.21 allow remote code execution. The issue occurs during deserialization of cookie data when no secret is used to sign the cookie, enabling an attacker to execute arbitrary code on the server.
Recommendations
Update Plack::Middleware::Session::Cookie to a version later than 0.21.
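A deployment check for the two conditions the advisory names (a release through 0.21, and a cookie session enabled without a secret), given here as an added example that is not from the advisory or the Plack project. It assumes the usual Plack::Builder `enable 'Session::Cookie', ...;` form and that the installed module reports its release number through `->VERSION`; the sample PSGI text and the `SESSION_SECRET` variable name are constructed.

```perl
# Added audit example; not code from the advisory or the Plack project.
use strict;
use warnings;
use version;

# Last affected release, as stated in the advisory.
my $LAST_AFFECTED = version->parse('0.21');

# True when a release number falls inside the affected range.
sub is_affected_version {
    my ($v) = @_;
    return version->parse($v) <= $LAST_AFFECTED ? 1 : 0;
}

# Return each "enable 'Session::Cookie', ...;" statement that sets no secret.
# Heuristic text match: a ';' inside an option value ends the statement early.
sub unsigned_cookie_enables {
    my ($source) = @_;
    my @findings;
    while ($source =~ /(\benable\s+(['"])\+?(?:Plack::Middleware::)?Session::Cookie\g{2}[^;]*;)/g) {
        my $stmt = $1;
        push @findings, $stmt unless $stmt =~ /\bsecret['"]?\s*(?:=>|,)/;
    }
    return @findings;
}

# Constructed sample app.psgi text, used when no files are given.
my $sample = <<'PSGI';
builder {
    enable 'Session::Cookie', session_key => 'app_session';
    enable 'Session::Cookie', session_key => 'admin', secret => $ENV{SESSION_SECRET};
    $app;
};
PSGI

# Assumption: the installed module reports its release number via ->VERSION.
my $installed = eval { require Plack::Middleware::Session::Cookie;
                       Plack::Middleware::Session::Cookie->VERSION };
printf "installed version: %s\n", !defined($installed) ? 'not found or unknown'
    : is_affected_version($installed) ? "$installed (affected)" : $installed;

# Scan the files named on the command line, or the constructed sample.
my $text = @ARGV ? do { local $/; join '', <> } : $sample;
print "no secret: $_\n" for unsigned_cookie_enables($text);
```

Run with no arguments it flags the first `enable` line of the sample; pass one or more `.psgi` paths to scan real configuration.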
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Plack::Middleware::Session::Cookie