HTTP-Session2 1.04
Security Advisories
HTTP::Session2 1.10 does not validate session id, this causes RCE depending on the session store you use.
Fixed version: >=1.10
Severity: critical
Reported: 2018-01-26
Modules
Name | Abstract | Version | View |
---|---|---|---|
HTTP::Session2 | Abstract base class for HTTP::Session2 | 1.04 | metacpan |
HTTP::Session2::Base | metacpan | ||
HTTP::Session2::ClientStore | (Deprecated)Client store | metacpan | |
HTTP::Session2::ClientStore2 | Client store | metacpan | |
HTTP::Session2::Expired | metacpan | ||
HTTP::Session2::Random | metacpan | ||
HTTP::Session2::ServerStore | Session store | 1.04 | metacpan |