CVE-2013-10031 Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timing attacks

🗓️ 09 Dec 2025 00:12:36Reported by CPANSecType

Plack::Middleware::Session for Perl before version 0.17 is vulnerable to HMAC timing attacks.

Reporter	Title	Published	Views	Family All 12
CNNVD	Plack::Middleware::Session 安全漏洞	9 Dec 202500:00	–	cnnvd
CVE	CVE-2013-10031	9 Dec 202500:12	–	cve
Debian CVE	CVE-2013-10031	9 Dec 202500:12	–	debiancve
EUVD	EUVD-2013-7289	9 Dec 202503:31	–	euvd
NVD	CVE-2013-10031	9 Dec 202501:16	–	nvd
OSV	DEBIAN-CVE-2013-10031	9 Dec 202501:16	–	osv
OSV	UBUNTU-CVE-2013-10031	9 Dec 202501:16	–	osv
Positive Technologies	PT-2025-49686	9 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2013-10031	17 Dec 202509:27	–	redhatcve
UbuntuCve	CVE-2013-10031	9 Dec 202501:16	–	ubuntucve

[
  {
    "collectionURL": "https://cpan.org/modules",
    "defaultStatus": "unaffected",
    "packageName": "Plack-Middleware-Session",
    "product": "Plack::Middleware::Session",
    "programFiles": [
      "lib/Plack/Middleware/Session/Cookie.pm"
    ],
    "programRoutines": [
      {
        "name": "get_session"
      }
    ],
    "repo": "https://github.com/plack/Plack-Middleware-Session.git",
    "vendor": "MIYAGAWA",
    "versions": [
      {
        "lessThan": "0.17",
        "status": "affected",
        "version": "0.01",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/plack/Plack-Middleware-Session/commit/b7f0252269ba1bb812b5dc02303754fe94c808e4

09 Dec 2025 00:12Current

EPSS0.00245

CWE-1254