The App::Context module 0.01 up to and including 0.968 for Perl does not properly use the Storable::thaw function, which allows remote malicious users to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
stephen adkins app\\ \\ |