Skip to main content

Plack CVE-2014-125112

| EUVDEUVD-2014-9820 CRITICAL
Reliance on Cookies without Validation and Integrity Checking (CWE-565)
2026-03-26 CPANSec GHSA-58qr-v987-vh6w
Critical
Disputed · 9.8 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative
SUSE
CRITICAL
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 02:30 euvd
EUVD-2014-9820
Analysis Generated
Mar 26, 2026 - 02:30 vuln.today
CVE Published
Mar 26, 2026 - 02:04 nvd
CRITICAL 9.8

DescriptionCVE.org

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.

Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

AnalysisAI

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-565. Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie. Affected products include: Miyagawa Plack. Version information: through 0.21.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Vendor StatusVendor

Ubuntu

Priority: Medium
libplack-middleware-session-perl
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy not-affected 0.33-1
noble not-affected -
questing not-affected -
upstream released 0.24-1

Debian

libplack-middleware-session-perl
Release Status Fixed Version Urgency
bullseye fixed 0.33-1 -
bookworm fixed 0.33-2 -
trixie fixed 0.34-1 -
forky, sid fixed 0.36-1 -
(unstable) fixed 0.24-1 -

SUSE

Severity: Critical

Share

CVE-2014-125112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy