CVE-2012-6141 Information

Description

The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden which is not properly handled when it is deserialized.

Reference

http://seclists.org/oss-sec/2013/q2/318 https://exchange.xforce.ibmcloud.com/vulnerabilities/84198