The Plack::Middleware::XSRFBlock package prior to 0.0.19 for Perl allows malicious users to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).