Plack Middleware Security Common Header Injection Vulnerability

Vulnerability

A vulnerability exists in Plack::Middleware::Security::Common for Perl, affecting versions prior to 0.13.1. Header injections in request paths bypass its security measures unless the injections are double-encoded. For instance, a request path could be crafted to include CRLF sequences followed by additional headers, potentially evading detection by reverse proxies or Plack-based servers.

Impact

Exploitation of this vulnerability could lead to header injection attacks, allowing attackers to manipulate HTTP headers in requests in ways that affect the application or server processing the request.

Remediation

Users can upgrade to Plack::Middleware::Security::Common version 0.13.1 or later, where this vulnerability has been fixed.
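
One way to check a request URI for CR or LF at every percent-decoding depth, covering the single-encoded case described above as well as the double-encoded one. This is an added example, not code from Plack::Middleware::Security::Common or from this advisory; the names crlf_depth and guard, the depth bound and the sample URIs are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper, not part of Plack::Middleware::Security::Common.
# Returns the decode depth at which CR or LF first appears in $uri
# (0 = raw, 1 = single-encoded, 2 = double-encoded), or nothing if clean.
sub crlf_depth {
    my ($uri, $max_depth) = @_;
    $max_depth //= 3;    # assumption: three decoding layers is a sane bound
    for my $depth (0 .. $max_depth) {
        return $depth if $uri =~ /[\r\n]/;
        (my $decoded = $uri) =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        last if $decoded eq $uri;    # nothing left to decode
        $uri = $decoded;
    }
    return;
}

# Hypothetical PSGI wrapper: answer 400 before the wrapped app sees the request.
# REQUEST_URI is the raw, undecoded URI in PSGI, so every layer is inspected.
sub guard {
    my ($app) = @_;
    return sub {
        my ($env) = @_;
        return [400, ['Content-Type' => 'text/plain'], ["Bad Request\n"]]
            if defined crlf_depth($env->{REQUEST_URI} // '');
        return $app->($env);
    };
}

# Constructed sample request URIs, run through a trivial wrapped app.
my $app = guard(sub { [200, ['Content-Type' => 'text/plain'], ["ok\n"]] });
for my $uri (
    '/index.html',
    '/docs/100%25-coverage',        # encoded percent sign, harmless
    '/a%0D%0AX-Test:%201',          # single-encoded CRLF
    '/a%250d%250aX-Test:%201',      # double-encoded CRLF
) {
    my $depth  = crlf_depth($uri);
    my $status = $app->({ REQUEST_URI => $uri })->[0];
    printf "%-26s status=%d %s\n", $uri, $status,
        defined $depth ? "CR/LF at decode depth $depth" : 'clean';
}
```

The same crlf_depth function can be run over the request field of stored access logs to look for earlier requests of this shape.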

Added: May 28, 2026, 3:38 PM
Updated: May 28, 2026, 3:38 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.