FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
968d1e74-1740-11e5-a643-40a8f0757fb4	p5-Dancer -- possible to abuse session cookie values Russell Jenkins reports: It was possible to abuse session cookie values so that file-based session stores such as Dancer::Session::YAML or Dancer2::Session::YAML would attempt to read/write from any file on the filesystem with the same extension the file-based store uses, such as '*.yml' for the YAML stores. Discovery 2015-06-12 Entry 2015-06-20 p5-Dancer < 1.3138 http://lists.preshweb.co.uk/pipermail/dancer-users/2015-June/004621.html

VuXML ID

Description

968d1e74-1740-11e5-a643-40a8f0757fb4

p5-Dancer -- possible to abuse session cookie values

Russell Jenkins reports:

It was possible to abuse session cookie values so that file-based session stores such as Dancer::Session::YAML or Dancer2::Session::YAML would attempt to read/write from any file on the filesystem with the same extension the file-based store uses, such as '*.yml' for the YAML stores.

Discovery 2015-06-12
Entry 2015-06-20
p5-Dancer

< 1.3138

http://lists.preshweb.co.uk/pipermail/dancer-users/2015-June/004621.html