Upstream information
Description
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
| CVSS detail | CNA (CISA-ADP) |
|---|---|
| Base Score | 9.8 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Timeline for this CVE
CVE page created: Thu Mar 26 05:00:03 2026CVE page last modified: Sun Mar 29 21:25:29 2026