CVE-2014-125112
Advisory lineage Upstream: 0 Downstream: 1
Downstream
Awaiting Analysis
Published: 26 Mar 2026, 02:04
Last modified:26 Mar 2026, 14:53
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
v3.1 (cve.org)
EPSS Score
0.02% LOW
0% probability
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
26 Mar 2026, 02:04
Published
Vulnerability first disclosed
26 Mar 2026, 14:53
Last Modified
Vulnerability information updated
Description
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 0.02%• Percentile: 4%
Techniques & Countermeasures
- CWE-565•Reliance on Cookies without Validation and Integrity Checking
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Affected Systems
- miyagawa•plack::middleware::session::cookie
≤ 0.21