CVE-2018-25160

Gravedad:

Pendiente de análisis

Tipo:

CWE-20 Validación incorrecta de entrada

Fecha de publicación:

27/02/2026

Última modificación:

28/02/2026

Descripción

*** Pendiente de traducción *** HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend.<br /> <br /> For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject memcached commands in the session id value.

Impacto

Referencias a soluciones, herramientas e información

https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d.patch
https://metacpan.org/pod/Cache::Memcached::Fast::Safe
https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.10/source/Changes
http://www.openwall.com/lists/oss-security/2026/02/27/13