{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2013-10031", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2025-07-10T09:30:45.910Z", "datePublished": "2025-12-09T00:12:36.372Z", "dateUpdated": "2025-12-11T14:36:31.485Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Plack-Middleware-Session", "product": "Plack::Middleware::Session", "programFiles": ["lib/Plack/Middleware/Session/Cookie.pm"], "programRoutines": [{"name": "get_session"}], "repo": "https://github.com/plack/Plack-Middleware-Session.git", "vendor": "MIYAGAWA", "versions": [{"lessThan": "0.17", "status": "affected", "version": "0.01", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks<br>"}], "value": "Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks"}], "impacts": [{"capecId": "CAPEC-26", "descriptions": [{"lang": "en", "value": "CAPEC-26 Leveraging Race Conditions"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1254", "description": "CWE-1254 Incorrect Comparison Logic Granularity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2025-12-09T00:12:36.372Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/plack/Plack-Middleware-Session/commit/b7f0252269ba1bb812b5dc02303754fe94c808e4"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to version 0.17 or higher"}], "value": "Upgrade to version 0.17 or higher"}], "source": {"discovery": "UNKNOWN"}, "title": "Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timing attacks", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-12-09T19:53:02.755963Z", "id": "CVE-2013-10031", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T14:36:31.485Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2013-10031", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-09T19:53:02.755963Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-09T19:53:05.460Z"}}], "cna": {"title": "Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timing attacks", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-26", "descriptions": [{"lang": "en", "value": "CAPEC-26 Leveraging Race Conditions"}]}], "affected": [{"repo": "https://github.com/plack/Plack-Middleware-Session.git", "vendor": "MIYAGAWA", "product": "Plack::Middleware::Session", "versions": [{"status": "affected", "version": "0.01", "lessThan": "0.17", "versionType": "custom"}], "packageName": "Plack-Middleware-Session", "programFiles": ["lib/Plack/Middleware/Session/Cookie.pm"], "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "programRoutines": [{"name": "get_session"}]}], "solutions": [{"lang": "en", "value": "Upgrade to version 0.17 or higher", "supportingMedia": [{"type": "text/html", "value": "Upgrade to version 0.17 or higher", "base64": false}]}], "references": [{"url": "https://github.com/plack/Plack-Middleware-Session/commit/b7f0252269ba1bb812b5dc02303754fe94c808e4", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks", "supportingMedia": [{"type": "text/html", "value": "Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1254", "description": "CWE-1254 Incorrect Comparison Logic Granularity"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2025-12-09T00:12:36.372Z"}}}, "cveMetadata": {"cveId": "CVE-2013-10031", "state": "PUBLISHED", "dateUpdated": "2025-12-11T14:36:31.485Z", "dateReserved": "2025-07-10T09:30:45.910Z", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "datePublished": "2025-12-09T00:12:36.372Z", "assignerShortName": "CPANSec"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plack:plack-middleware-session:*:*:*:*:*:*:*:*", "matchCriteriaId": "043B7AD9-5A0C-4355-8837-5EF2EF8E6AC3", "versionEndExcluding": "0.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks"}], "id": "CVE-2013-10031", "lastModified": "2025-12-16T19:16:16.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-12-09T01:16:42.587", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Patch"], "url": "https://github.com/plack/Plack-Middleware-Session/commit/b7f0252269ba1bb812b5dc02303754fe94c808e4"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1254"}], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary"}]}

{"bugzilla": {"description": "Plack-Middleware-Session: Plack-Middleware-Session: HMAC comparison timing attack vulnerability", "id": "2420282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420282"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-1254", "details": ["Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2013-10031", "public_date": "2025-12-09T00:12:36Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-10031\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-10031\nhttps://github.com/plack/Plack-Middleware-Session/commit/b7f0252269ba1bb812b5dc02303754fe94c808e4"], "statement": "This vulnerability is rated Important for Red Hat products that use Plack::Middleware::Session. A timing attack on HMAC comparison could allow an attacker to infer sensitive information, potentially leading to session hijacking. Successful exploitation requires the ability to accurately measure response times, which may be challenging in typical network environments.", "threat_severity": "Important"}

{"created": "2025-12-09T10:26:30.749737+00:00", "updated": "2025-12-09T10:26:30.749764+00:00", "vendors": ["plack_project", "plack_project$PRODUCT$plack"]}