Skip to main content

Dancer

2 CVEs product

Monthly

CVE-2026-5080 MEDIUM PATCH This Month

Dancer::Session::Abstract through version 1.3522 generates cryptographically weak session identifiers by combining predictable inputs (file path, process ID, epoch time) with an insufficiently-seeded Perl rand() function, allowing remote attackers to predict valid session IDs and hijack user sessions without authentication. The vulnerability affects Perl-based web applications using Dancer framework's default session handling; active exploitation is not confirmed but the attack requires only guessing a session ID, making it practically exploitable.

Information Disclosure Dancer
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2012-5572 MEDIUM This Month

CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Dancer
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Dancer::Session::Abstract through version 1.3522 generates cryptographically weak session identifiers by combining predictable inputs (file path, process ID, epoch time) with an insufficiently-seeded Perl rand() function, allowing remote attackers to predict valid session IDs and hijack user sessions without authentication. The vulnerability affects Perl-based web applications using Dancer framework's default session handling; active exploitation is not confirmed but the attack requires only guessing a session ID, making it practically exploitable.

Information Disclosure Dancer
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Dancer
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy