CVE-2018-25160: Perl HTTP::Session2
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | generic
greprules fetch cve-2018-25160-perl-http-session2-cve-2018-25160 --engine opengrep
Description
The session ID obtained from the cookie is passed directly to the storage backend without validation. This can lead to injection attacks against backends such as Memcached, where special characters are not appropriately escaped by default. Validate the format and length of the session ID before the lookup.
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided