UBUNTU-CVE-2014-125112

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2014-125112

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-125112.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-125112

Upstream

CVE-2014-125112

Published

2026-03-26T03:16:00Z

Modified

2026-04-02T17:59:56.635772Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.

References

Affected packages

Ubuntu:16.04:LTS / libplack-middleware-session-perl

Package

Name: libplack-middleware-session-perl
Purl: pkg:deb/ubuntu/libplack-middleware-session-perl@0.30-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.30-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libplack-middleware-session-perl",
            "binary_version": "0.30-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-125112.json"

Ubuntu:18.04:LTS / libplack-middleware-session-perl

Package

Name: libplack-middleware-session-perl
Purl: pkg:deb/ubuntu/libplack-middleware-session-perl@0.30-2?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.30-1

0.30-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libplack-middleware-session-perl",
            "binary_version": "0.30-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-125112.json"

Ubuntu:20.04:LTS / libplack-middleware-session-perl

Package

Name: libplack-middleware-session-perl
Purl: pkg:deb/ubuntu/libplack-middleware-session-perl@0.33-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.32-1

0.33-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libplack-middleware-session-perl",
            "binary_version": "0.33-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-125112.json"